Windows Execution Interface for OpenClaw
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: clawdos Version: 2.1.1 The 'clawdos' skill provides a CLI wrapper for a remote Windows automation API, granting high-risk capabilities including arbitrary shell command execution (shell_exec), full file system access (read/write/delete), and screen monitoring. While these functions are documented as the skill's intended purpose and include mentions of a server-side sandbox, the inherent risk of remote code execution and data manipulation on the target Windows host via scripts/clawdos.py warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent could run PowerShell or cmd commands that install software, change configuration, modify files, or otherwise affect the Windows host.
The CLI forwards caller-provided arguments directly to a remote shell execution endpoint. This is purpose-aligned, but it gives an agent broad ability to mutate the Windows host without client-side confirmation or command scoping.
elif action == "shell_exec":
res = api_post("/v1/shell/exec", kwargs)Use only on a dedicated or disposable Windows environment, require explicit per-command approval, and avoid exposing the Clawdos service beyond trusted local/network boundaries.
Users must trust an external Clawdos server implementation for authentication, sandboxing, and host safety, but those controls are not reviewable in the supplied artifacts.
For a high-impact remote automation skill, the registry does not provide source or homepage provenance. The supplied package is only the client, while the safety model depends on a separate Windows service.
Description: Windows automation via Clawdos API: screen capture, mouse/keyboard input, window management, file-system operations, and shell command execution. Source: unknown; Homepage: none
Only use a Clawdos server obtained from a trusted, auditable source; verify its sandbox behavior, bind it to a restricted interface, and protect the API key.
Anyone who can use or obtain this API key may be able to control the configured Windows host through the Clawdos service.
The skill uses an API key from the environment to authenticate every privileged Clawdos request. This is expected for the integration, but the key gates powerful host-control authority.
API_KEY = os.getenv("CLAWDOS_API_KEY", "")
...
return {"X-Api-Key": API_KEY}Store the API key securely, rotate it if exposed, and configure the Clawdos service with the least privilege and narrowest network access possible.
Passwords, documents, chats, or other private information visible on the Windows desktop could be captured or processed by the agent.
The documentation clearly discloses that screenshots and window inspection can expose visible sensitive information to the agent context or saved outputs.
Visual actions (`screen_capture`, `window_list`, `window_focus`) can observe active GUI content. If sensitive information is visible on screen, it may be captured.
Close or hide sensitive windows before use, save screenshots only when necessary, and avoid using this skill on hosts displaying confidential data.