Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
desktop-operator
v1.0.0
Operate Electron desktop applications on macOS via Puppeteer CDP. Open an app, find a UI element by text, click it, and take a screenshot.
by @bondli
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, and the included Node script align: the script launches an Electron app from /Applications, opens a CDP port, uses Puppeteer to find/click text, and takes a screenshot. No unrelated credentials or external services are requested.
Instruction Scope
Runtime instructions stay within the stated scope (launch app, click element, screenshot). A few implementation details are not documented in SKILL.md: the script creates a directory under $HOME/openclaw-skill-data/desktop-oprator/ and uses the system /usr/sbin/screencapture. The script also kills processes with pkill -f "<appName>", which can be over-broad (it may match and terminate other processes whose command lines contain the app name).
Install Mechanism
No download-from-URL or remote installer is used. The package declares puppeteer dependencies in package.json (expected for this functionality). There is no install spec, so the user must provide Node and install dependencies manually; this is low-to-moderate friction but coherent for the task.
Credentials
The skill requests no credentials or special env vars. It reads HOME to create and write screenshots under $HOME/openclaw-skill-data/desktop-oprator/. It requires macOS Accessibility permission for Terminal (documented). These accesses are proportionate, but users should be aware the skill will write files and capture the screen (potentially sensitive information).
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges or modify other skills. It spawns/detaches the target app and later attempts to terminate it; these behaviors are within the scope of a local automation tool.
Assessment
This skill appears to do what it claims, but review these practical cautions before installing:
1) You must run the script with Node and install puppeteer; ensure Node >=18 and dependencies are installed.
2) Granting Accessibility permission to Terminal is required; that permission allows the process to control the UI, so only grant it to trusted code.
3) The skill will create and write screenshots to $HOME/openclaw-skill-data/desktop-oprator/ and will capture the entire screen using the system screencapture tool; do not run it when sensitive information is visible.
4) The script uses `pkill -f "<appName>"` to stop the app; ensure the provided app name is precise because pkill may match and terminate unrelated processes whose command line contains that substring.
5) The skill starts the app with a remote debugging port (9223); if you run other services that use the same port, conflicts may occur.
If you need a stricter safety review, request: (a) a signed provenance or trusted source for this package, (b) a copy of the exact installed dependency tree (npm lockfile), and (c) assurance that screenshots are stored only in a secure location or removed after use.
dist/index.js:110
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers: review code before you run it.
latestvk97ap59fhmk26epfd0jb2jkaa983h0e6
