Windows Execution Interface for OpenClaw
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is openly a powerful remote Windows-control interface, but it can run arbitrary commands and depends on unreviewed external Clawdos service behavior for its safety boundaries.
Install this only if you intentionally want OpenClaw to control a Windows host. Use a trusted Clawdos server, keep it network-restricted, protect the API key, and require explicit approval before shell commands, deletions, uploads, downloads, or screenshots.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent could run PowerShell or cmd commands that install software, change configuration, modify files, or otherwise affect the Windows host.
The CLI forwards caller-provided arguments directly to a remote shell execution endpoint. This is purpose-aligned, but it gives an agent broad ability to mutate the Windows host without client-side confirmation or command scoping.
elif action == "shell_exec":
res = api_post("/v1/shell/exec", kwargs)Use only on a dedicated or disposable Windows environment, require explicit per-command approval, and avoid exposing the Clawdos service beyond trusted local/network boundaries.
Users must trust an external Clawdos server implementation for authentication, sandboxing, and host safety, but those controls are not reviewable in the supplied artifacts.
For a high-impact remote automation skill, the registry does not provide source or homepage provenance. The supplied package is only the client, while the safety model depends on a separate Windows service.
Description: Windows automation via Clawdos API: screen capture, mouse/keyboard input, window management, file-system operations, and shell command execution. Source: unknown; Homepage: none
Only use a Clawdos server obtained from a trusted, auditable source; verify its sandbox behavior, bind it to a restricted interface, and protect the API key.
Anyone who can use or obtain this API key may be able to control the configured Windows host through the Clawdos service.
The skill uses an API key from the environment to authenticate every privileged Clawdos request. This is expected for the integration, but the key gates powerful host-control authority.
API_KEY = os.getenv("CLAWDOS_API_KEY", "")
...
return {"X-Api-Key": API_KEY}Store the API key securely, rotate it if exposed, and configure the Clawdos service with the least privilege and narrowest network access possible.
Passwords, documents, chats, or other private information visible on the Windows desktop could be captured or processed by the agent.
The documentation clearly discloses that screenshots and window inspection can expose visible sensitive information to the agent context or saved outputs.
Visual actions (`screen_capture`, `window_list`, `window_focus`) can observe active GUI content. If sensitive information is visible on screen, it may be captured.
Close or hide sensitive windows before use, save screenshots only when necessary, and avoid using this skill on hosts displaying confidential data.