ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Macos Desktop Control

v1.5.3

macOS 桌面控制工具。截屏、进程管理、系统信息、剪贴板、应用控制。macOS desktop control via native tools (screencapture, ps, AppleScript). 仅支持 macOS。

0· 40·0 current·0 all-time
by@asa-zhang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The codebase (many shell and Python scripts) matches the stated purpose: screenshots, process/system info, clipboard, AppleScript automation, pyautogui mouse/keyboard control, image recognition, Vosk offline speech, and a local 'ControlMemory' store. However SKILL.md lists native binaries (screencapture/ps/osascript) and required macOS permissions while the registry metadata showed none — a mismatch. The inclusion of ClawHub sync, voting, contributor ranking, and review systems is more than a minimal desktop-control tool but can be coherent if the author intends local+optional community sync.
!
Instruction Scope
Runtime instructions ask the agent/user to run scripts that: 1) request Accessibility/AppleEvents/ScreenCapture permissions (expected for UI automation), 2) create shell aliases by appending to ~/.zshrc, 3) run setup_cron.sh to schedule periodic tasks, and 4) perform ClawHub sync operations. The ControlMemory system automatically records successful operations (including the executed script text) and the code includes a sync/upload path to a remote ClawHub endpoint. Scripts also provide examples for hardcoding or storing CLAWHUB_API_KEY. These behaviors extend beyond purely local UI control (they persist data and can transmit it remotely) and are not fully surfaced in the registry metadata.
Install Mechanism
This skill is instruction-only (no platform install spec) which lowers installer risk. It does include scripts to download Vosk models and suggests pip installs (pyautogui, opencv, vosk). The model download script appears to point to the official Vosk model site in docs; no shortened or obviously malicious URLs were identified in provided files. Still, running the included install.sh and download scripts writes files and may download ~50MB models — review the scripts before executing.
!
Credentials
Registry metadata declared no required environment variables or credentials, but the code and docs reference CLAWHUB_API_KEY and CLAWHUB_API_BASE and show instructions for setting them or hardcoding keys into scripts. That means network credentials may be used though they aren't declared up-front. The requested macOS permissions (Accessibility, AppleEvents, ScreenCapture) are proportionate to UI control but grant broad ability to observe and control the desktop. Combined with optional network sync and cron scheduling, this could enable sensitive data (operation records, possibly textual commands, and metadata) to be uploaded if an API key/endpoint is configured.
!
Persistence & Privilege
The skill does not set always:true, but it provides scripts to install a cron job (setup_cron.sh) that can run periodic syncing and other tasks. Natural-language and automation components also auto-record successful operations to controlmemory.md. These mechanisms can create ongoing background activity (automatic uploads to ClawHub when configured). That persistence combined with network sync capability increases risk if you don't trust the remote endpoint or the sync logic.
What to consider before installing
This package largely matches its macOS automation description, but review and proceed cautiously: - Do a quick code review of scripts/scripts/clawhub_sync.py and scripts/control_memory.py before running anything to confirm what data is uploaded and when. The ControlMemory entries include executed scripts/commands and may be sent to https://clawhub.com when configured. - The registry metadata did not declare CLAWHUB_API_KEY, but the code supports it — do NOT set or hardcode CLAWHUB_API_KEY unless you trust the remote service and have inspected the upload behavior. - Do not run setup_cron.sh or install.sh blindly. If you need scheduled automation, inspect the cron commands and consider running them manually in a controlled environment first. - Grant Accessibility/ScreenCapture/Automation permissions only if you trust the code; those permissions legitimately enable this functionality but also allow powerful control/observation of your desktop. - Avoid adding the suggested alias to your primary ~/.zshrc until you verify the workspace path and contents; prefer running scripts from a sandboxed directory first. - If you want to evaluate functionality safely: run the scripts in a disposable/test user account or VM, and run network calls through a proxy to observe outbound requests. If you do plan to use remote sync, audit the sync implementation and limit what is uploaded (or keep sync disabled). Confidence is medium because the repository contents align with the described functionality, but undocumented network/credential usage and automatic scheduling introduce nontrivial risk that requires user review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqzec35xac284r12yd5cqq98489z8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments