Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawdCursor
v0.7.5OS-level desktop automation tool server. 42 tools for controlling any application on Windows, macOS, and Linux. Model-agnostic — works with any AI that can d...
⭐ 0· 25·0 current·0 all-time
by@amrdab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description and runtime instructions consistently describe an OS-level desktop automation server. The npm global install and the provided serve/mcp/start modes match the stated purpose of controlling GUIs and exposing tools over localhost.
Instruction Scope
SKILL.md instructs the agent to start the local server autonomously if it's not running ('don't ask the user'). The tool exposes functionality to read the screen, take screenshots, query windows, and automate input — which is expected for this purpose but carries broad access to sensitive local data. It also documents a token file (~/.clawdcursor/token) and an autonomous 'start' mode that will send screenshots/text to the user's configured AI provider, which could result in data leaving the machine depending on configuration.
Install Mechanism
Installation is via 'npm install -g clawdcursor' (documented in SKILL.md). Installing a global npm CLI is a typical distribution method for Node-based desktop tooling, but it runs third-party code with filesystem/exec privileges. The registry metadata shows three 'unknown' install specs (parser couldn't identify them) — not necessarily malicious but worth verifying the exact install steps and source before running.
Credentials
The skill declares no required environment variables or credentials, but it uses a token saved at ~/.clawdcursor/token for its REST endpoints and relies on the user's configured AI provider (which implies provider credentials held elsewhere). The skill itself does not request unrelated secrets, but it has the capability to read local files and capture screen contents — a high-privilege capability that is proportionate to desktop automation but sensitive in practice.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (normal), but SKILL.md explicitly instructs the agent to start the server without asking the user. That gives the agent the ability to launch a long-running local service that can capture and transmit desktop data (depending on configuration). It does not appear to modify other skills or system-wide agent settings, however.
What to consider before installing
This skill appears to be what it says (a local desktop automation server), but it is powerful and should be treated like installing a program that can see and control your screen. Before installing: 1) Review the GitHub source and confirm the npm package name/version match the repo; 2) Prefer running it in a disposable VM or isolated account if you have sensitive data; 3) Understand it stores a token at ~/.clawdcursor/token and can take screenshots/read screen contents and (in 'start' mode) send them to your configured AI provider — verify where those provider credentials live and whether you trust that flow; 4) If you allow agent autonomous actions, consider disabling autonomous invocation or require explicit user confirmation before starting the server; 5) If unsure, use native APIs/CLIs/browser automation instead of screen-level automation.Like a lobster shell, security has layers — review code before you run it.
latestvk9776e9s4x3zf9389jx53gjx9184947s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.