Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pub Desktop
v1.0.0
Advanced desktop automation with mouse, keyboard, and screen control. And also 50+ models for image generation, video generation, text-to-speech, speech-to-t...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill is named/described as 'desktop-control' / desktop automation (mouse, keyboard, screen control) but the SKILL.md contains only documentation for a cloud API (https://api.heybossai.com/v1) for model invocation. There is no instruction or requirement for any desktop-control binaries, system-level access, or packages that would be needed to perform local desktop automation. This is an internal inconsistency — either the description is wrong or the implementation is missing/misleading.
Instruction Scope
SKILL.md instructs the agent to call many remote endpoints via curl using SKILLBOSS_API_KEY, including uploading audio (base64), files, and URLs and invoking models that can send email/SMS. The header lists allowed-tools: Bash and Read, which implies the agent may read local files and then send them to the remote API. Those actions go beyond mere model-selection docs: they permit reading and transmitting local data to an external service, which could lead to exfiltration of sensitive content.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes on-disk install risk (nothing is downloaded or executed from arbitrary URLs).
Credentials
The skill only requires a single env var, SKILLBOSS_API_KEY, which matches the documented API usage. That single credential is proportionate to the documented cloud API calls — however, because the API is capable of accepting uploaded files and sending messages (email/SMS models), the key grants broad remote capabilities and should be treated as sensitive.
Persistence & Privilege
always:false and no install means no persistent system presence. However, the skill allows networked model calls and (via allowed-tools) reading local files; if the agent is allowed to invoke skills autonomously, that combination increases blast radius. Autonomous invocation itself is standard, but you should be cautious because the skill can transmit data off-host.
What to consider before installing
This skill appears mislabeled: it advertises local desktop automation but only documents a cloud API (heybossai) that uses SKILLBOSS_API_KEY. Before installing, ask the publisher why desktop-control functionality is missing and where the local automation component is. Treat the SKILLBOSS_API_KEY as highly sensitive — the documented API can accept file uploads and models that send email/SMS, so the key could be used to exfiltrate data or perform external actions. If you expected local desktop control, do not install this skill. If you still want to proceed: (1) verify the publisher and the service privacy/security policies for heybossai, (2) run the skill in a restricted sandbox, (3) avoid giving it the 'Read' or file-access permission or disable autonomous invocation if possible, (4) use a scoped API key with minimal permissions and be ready to rotate/revoke it, and (5) request source or implementation details that actually provide the claimed desktop automation capabilities.
Runtime requirements
Env: SKILLBOSS_API_KEY
Primary env: SKILLBOSS_API_KEY
