Skip to content
← Registry
Trust Report

Windows

Windows-specific patterns, security practices, and operational traps that cause silent failures.

73
SUSPICIOUS
Format: openclawScanner: v0.8.0Duration: 4msScanned: 6d ago · Jun 1, 10:05 PMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 73AgentVerus SUSPICIOUS 73AgentVerus SUSPICIOUS 73
[![AgentVerus](https://agentverus.ai/api/v1/skill/37eb40b3-cd3d-433a-be14-737a2b9ada51/badge)](https://agentverus.ai/skill/37eb40b3-cd3d-433a-be14-737a2b9ada51)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/37eb40b3-cd3d-433a-be14-737a2b9ada51/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"37eb40b3-cd3d-433a-be14-737a2b9ada51","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/37eb40b3-cd3d-433a-be14-737a2b9ada51/trust

Category Scores

73
Permissions
50
Injection
100
Dependencies
100
Behavioral
65
Content
100
Code Safety

Findings (5)

highCapability contract mismatch: inferred credential access is not declared-15

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: access from SYSTEM account uses machine credentials

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-05
highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: exec

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCredential access detected-25

Found credential access pattern: "Credential Manager"

- Never hardcode passwords in scripts — use Windows Credential Manager:

Remove references to credentials and secrets. Skills should never access sensitive authentication data.

injectionASST-05
highUnrestricted mode activation detected-25

Found unrestricted mode activation pattern: "Enable Developer Mode"

- Enable Developer Mode for symlinks without admin: Settings → For Developers → Developer Mode

Remove unrestricted mode activation attempts. Skills must not bypass agent safety mechanisms.

injectionASST-01
mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09