ClawdCursor
Warn
Audited by ClawScan on May 10, 2026.
Overview
ClawdCursor is a powerful desktop-control bridge that discloses many risks, but it can operate any visible app and installs unreviewed remote code, so it needs careful review before use.
Install only if you are comfortable giving a local service eyes and hands on your desktop. Before use, inspect or pin the GitHub code it installs, choose a local provider like Ollama for sensitive screens, require confirmation for email/banking/admin/password-manager actions, and stop the local service when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could potentially click through real applications and make changes on the user’s behalf, including in authenticated desktop or browser sessions.
This grants broad GUI control over arbitrary desktop applications, which can mutate user data, accounts, settings, or public outputs if not tightly controlled.
control any app on Windows/macOS ... opening apps, clicking buttons, typing text, navigating browsers, filling forms. If you can click it, your agent can too.
Use only for explicit desktop-control tasks, keep confirmation required for sensitive or irreversible actions, and prefer direct scoped tools when available.
A user would be running unreviewed remote code that is intended to see and control the desktop.
The skill installs and runs code from an unpinned external repository, while the supplied artifact set contains no implementation code for review.
install:
  - git clone https://github.com/AmrDab/clawd-cursor.git
  - cd clawd-cursor && npm install && npm run setup
  - cd clawd-cursor && clawdcursor start
Inspect the repository, package scripts, lockfiles, and network behavior before installing; prefer a pinned commit or release with reviewed source.
The user’s AI provider key may be used to process desktop screenshots or UI text and may incur provider usage costs.
The skill uses the agent’s configured AI provider credentials, which is expected for this integration but important for billing, quota, and data-access boundaries.
In OpenClaw, this skill inherits the active agent's AI provider + API key.
Confirm which provider/key will be used and use a limited or local provider for sensitive desktop tasks.
Private on-screen content could leave the machine when a cloud AI provider is selected.
The skill discloses that screen-derived data may be sent to the selected AI provider; this is purpose-aligned but sensitive because screenshots can include private information.
If using a cloud provider (Anthropic, OpenAI, Kimi), screenshots/text are sent to that provider's API only ... The user controls which provider is used.
Use local Ollama for sensitive workflows, or verify the selected provider’s privacy and retention settings before using cloud processing.
Other local processes may be able to reach the service if it is running and not otherwise protected.
The skill runs a local REST API for desktop automation. Binding to localhost is a useful restriction, but it is still a local service capable of controlling the GUI while running.
REST API binds to 127.0.0.1 only — not network accessible
Run it only when needed, stop it afterward, and verify any local authentication or access controls in the implementation.
