Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
my skill
v1.0.0
Desktop automation via native OS accessibility trees using the agent-desktop CLI. Use when an AI agent needs to observe, interact with, or automate desktop a...
by 迩康 @darryek
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md clearly documents a desktop automation CLI (agent-desktop) that reads and manipulates macOS accessibility trees — this aligns with the described purpose. However the registry metadata (skill name 'my skill', slug 'aoto', owner IDs) does not match the tool identity in SKILL.md ('agent-desktop'), indicating packaging/branding inconsistency that should be resolved.
Instruction Scope
The runtime instructions tell the agent to snapshot UI trees, read element properties and clipboard, list/dismiss notifications, synthesize keyboard/mouse events, and perform coordinate clicks. Those actions are coherent for a desktop automation tool but are high-privilege: they let the agent read arbitrary on-screen content and control apps. The SKILL.md also instructs the user/agent to install the CLI and to grant Accessibility permission to the terminal — both expected but sensitive operations.
Install Mechanism
There is no formal install spec in the skill bundle, but SKILL.md instructs installing via 'npm install -g agent-desktop' or 'bun install -g --trust agent-desktop'. That is a reasonable, common install path, but the registry package metadata does not provide a homepage/source or verify the npm package name, so you should verify the npm package and its publisher before running the global install.
Credentials
The skill declares no environment variables or credentials (appropriate). It does require granting macOS Accessibility permission to the terminal, which is necessary for the claimed functionality but also grants broad read/control over the desktop; this privilege is proportionate to the feature set but sensitive.
Persistence & Privilege
The skill is not set to always:true. It can be invoked autonomously (platform default), which combined with desktop-control capabilities increases risk. Autonomous invocation alone is normal, but you should be aware that an agent using this skill could autonomously perform UI actions and read screen/clipboard data.
What to consider before installing
This skill appears to be documentation for a desktop automation CLI (agent-desktop) and can fully observe and control UI elements on macOS — a very powerful capability. Before installing or granting Accessibility permission:
1) verify the exact npm package name and publisher on the npm registry (inspect its source code and maintainers),
2) confirm the skill bundle's metadata (slug/owner) matches the published package or author—the bundle shows mismatched IDs and names which could indicate repackaging,
3) only grant Accessibility permission to a terminal you trust (do not add unknown terminal apps),
4) consider testing in an isolated machine or VM since the tool can read clipboard, notifications, and application UIs, and
5) if you are uncomfortable with autonomous agents controlling your desktop, disable autonomous invocation or restrict the skill until you can audit the installed CLI.
If you want, provide the npm package URL or package.json from the CLI so I can help check the publisher and code surface for you.
Like a lobster shell, security has layers — review code before you run it.
latest: vk976p0jfc5g8ffmwvmjcz48rqd82dw1e
