ClawdCursor
v0.6.3
AI desktop agent — control any app on Windows/macOS from your OpenClaw agent. Send natural language tasks to the Clawd Cursor API and it handles everything:...
⭐ 0 · 1.1k · 8 current · 9 all-time
by @amrdab
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the runtime instructions: this is a desktop GUI automation agent designed to control apps via screenshots and synthetic input. Requiring a local service that can take screenshots and send them to an AI provider is coherent with the stated purpose. However, the SKILL.md includes an explicit install flow (git clone + npm install + npm run setup + start) even though registry metadata lists no required binaries or env vars; that mismatch is notable but explainable (the skill needs Node/npm at install/run time).
Instruction Scope
The instructions direct the agent to run a local Clawd Cursor service that captures screenshots and performs clicks/typing — which necessarily gives broad access to whatever is on the screen. The doc says screenshots/text stay local or go only to the user's chosen AI provider, and that the skill inherits the active agent's API key, but there is no verifiable enforcement in the SKILL.md. The guidance to always ask before accessing sensitive apps is policy, not a technical constraint; the agent could be misconfigured or buggy and access sensitive apps. The SKILL.md also contains code snippets that require additional tooling (Playwright) and local ports (9222) which broaden its touch points.
Install Mechanism
Install steps in SKILL.md instruct cloning a GitHub repo and running npm install/setup and starting a service. Pulling and executing code from a remote repository is a moderate-to-high risk action because arbitrary code will be written to disk and executed. GitHub is a well-known host (better than an arbitrary URL), but npm install can bring many dependencies and native modules. The registry metadata's 'install specifications' were unknown/empty while SKILL.md contains explicit install commands — this discrepancy should be clarified by the publisher.
Credentials
The registry says 'no required env vars', but SKILL.md and notes state that in OpenClaw the skill 'inherits the active agent's AI provider + API key' and that screenshots/text may be sent to cloud providers. That means the agent's API key could be used by the Clawd Cursor process — a powerful credential for exfiltrating data to the configured provider. Requiring zero declared env vars while implicitly inheriting the agent's API key is a proportionality gap and should be explicitly documented and limited.
Persistence & Privilege
The skill starts a local REST service bound to 127.0.0.1 which will run on the user's machine and has GUI-level privileges (can read screenshots and synthesize input). 'always' is false (good), but installing and starting a background process still grants ongoing local capability to observe and control the UI. Binding to localhost reduces remote network exposure but does not eliminate local attack surface or misuse by other local processes. There is no explicit guarantee about auto-start/boot persistence in SKILL.md.
What to consider before installing
1) This skill requires cloning and running code from the project's GitHub (npm install, setup, start) — review that repository and the startup scripts before running them.
2) It runs a local service that captures screenshots and can control the UI; that is powerful — avoid giving it broad access to sensitive apps, or require explicit user confirmations for sensitive actions.
3) The skill inherits your agent's AI provider/API key (per SKILL.md): if you use a cloud provider, screenshots/text may be sent to that provider. Prefer a local provider (Ollama) if you want to keep data fully on-device.
4) If you proceed, run the install in a sandbox/VM or on a test machine first, verify what the service listens on, what it logs, and whether it auto-starts, and audit the npm dependencies.
5) Ask the publisher to resolve metadata mismatches (declare required binaries/env vars and clarify persistence/autostart) and to provide a reproducible install artifact (pinned release) rather than always cloning the main branch.
Like a lobster shell, security has layers — review code before you run it.
Tags: VNC, accessibility, automation, computer-use, desktop, latest
