Orgo Desktop Control
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent but powerful Orgo cloud-desktop control skill; no artifact-backed malicious behavior was found, but users should supervise API-key use, remote commands, file sharing, streaming, and deletes.
Install this only if you need Orgo cloud-desktop automation and trust the publisher. Before use, review the included SDK, provide a limited/rotatable ORGO_API_KEY, confirm any file uploads, streams, browser logins, command execution, and deletes, and stop or delete cloud computers when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill can run arbitrary commands on an Orgo cloud computer and create, stop, restart, or delete remote resources, which may change remote state or incur costs.
The skill exposes broad remote command execution and destructive cloud-resource actions. This is central to the stated Orgo desktop-control purpose and includes confirmation guidance for deletes, but it is high-impact if used carelessly.
Execute bash or Python remotely ... result = computer.run_bash("ls -la") ... result = computer.run_python("print('hi')") ... computer.delete(force=True)
Use it only for user-requested remote tasks, confirm destructive or costly actions, prefer minimal resources, and stop or delete cloud computers when finished.
Anyone or any agent with the API key or VNC password may be able to control Orgo resources or access the remote desktop session.
The skill requires an Orgo API key and can retrieve a VNC password. These credentials are expected for controlling Orgo desktops, but they grant meaningful account and session access.
compatibility: Requires internet access and ORGO_API_KEY ... password = computer.vnc_password()
Provide only a trusted, scoped, and rotatable Orgo API key; avoid exposing VNC passwords in chat or logs; revoke or rotate credentials after use if needed.
Sensitive files, screenshots, or streamed desktop contents could leave the local environment if uploaded, exported, analyzed by a vision model, or streamed.
The skill supports transferring files, screenshots, and desktop streams through Orgo or other downstream tooling. These flows are disclosed and purpose-aligned, but their data boundaries depend on user choices and provider configuration.
Upload/export files ... img_b64 = computer.screenshot() ... computer.stream_start("my-rtmp-connection")
Confirm which files, screenshots, and streams are being shared; avoid sensitive data unless necessary; treat signed download URLs and stream endpoints as sensitive.
It is harder to verify that the wrapper is official or up to date before giving it an API key.
The skill includes a custom SDK wrapper but does not provide an official source or homepage in the supplied metadata. This is a provenance gap, not evidence of malicious behavior.
Source: unknown; Homepage: none
Inspect the full included `scripts/orgo_client.py`, compare endpoints and behavior with Orgo documentation, and install only if you trust the publisher.
Remote computers may retain state, files, or background jobs, and resources may remain allocated if not stopped or cleaned up.
The reference patterns document preserved VM state and background remote jobs. They are explicit and purpose-aligned, but long-running remote activity can continue until managed.
`OrgoComputer.__exit__` calls `stop()` — state is preserved for the next session ... computer.run_bash("nohup python3 train.py > /tmp/train.log 2>&1 &")
Use explicit teardown steps, stop or delete VMs when done, clean exported files, and avoid unattended background jobs unless intended.
