Control
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill is clearly meant for desktop automation, but it gives broad autonomous control over your screen, keyboard, clipboard, and logged-in apps, with sensitive logging and provenance issues.
Install only if you deliberately want a powerful desktop automation controller. Prefer running it in a VM or non-sensitive desktop session, keep the failsafe enabled, add explicit approval before actions, close or sign out of sensitive apps, avoid typing secrets, and verify the publisher/metadata mismatch before trusting it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, over-broad, or manipulated task could click, type, launch apps, or change data anywhere in the user's desktop session.
The AI layer wraps the desktop controller and can execute up to 50 planned steps from a natural-language task, while exposing only a failsafe setting and no clear per-action approval or app-scope boundary.
def __init__(self, llm_client=None, failsafe: bool = True): ... self.dc = DesktopController(failsafe=failsafe) ... def execute_task(self, task: str, max_steps: int = 50)
Use this only under supervision or in a sandbox/VM; add mandatory per-action approval, app allow-lists, and explicit user confirmation before clicks, typing, file changes, submissions, or app launches.
The skill could act through already-signed-in accounts or sensitive desktop apps as if it were the user.
The guide presents account- and data-affecting actions through the user's active desktop session, but the artifacts do not define credential/session boundaries or review requirements for public posts and submissions.
agent.execute_task("Fill out the job application with my resume data") ... agent.execute_task("Post this image to Instagram with caption 'Beautiful sunset'")
Avoid using it while signed in to sensitive accounts unless actions are explicitly reviewed; require confirmation before posting, submitting forms, sending messages, or changing account data.
Sensitive text typed by the skill may appear in logs or console output.
The controller logs the beginning of every string it types at INFO level, which can capture passwords, form data, messages, or other sensitive text.
logging.basicConfig(level=logging.INFO) ... logger.info(f"Typed text: '{text[:50]}{'...' if len(text) > 50 else ''}' (interval={interval:.3f}s)")
Remove or redact typed-content logging, lower default log verbosity, and do not use the skill to type secrets unless logging is disabled.
Private information visible on screen during automation can be captured in result objects or saved by downstream code.
The autonomous execution loop captures before/after screenshots for each step and stores them in the returned result; this is useful for verification but may include private screen contents.
screenshot_before = self.dc.screenshot() ... screenshot_after = self.dc.screenshot() ... result["screenshots"].append({
Close or hide sensitive windows before use, prefer region-limited screenshots, and avoid sharing logs/results that may contain screenshots.
Users have less assurance that the reviewed package identity matches the registry listing they intend to install.
The bundled metadata conflicts with the supplied registry metadata, which lists a different owner ID and slug. That creates package identity/provenance ambiguity for a high-privilege skill.
"ownerId": "kn7ag28ra4hhta8bx2k2j1kpv180kqbk", "slug": "desktop-control"
Verify the publisher and source before installing; the package metadata should be corrected to match the registry entry, and dependencies should be pinned in an install spec.
