my skill
WarnAudited by ClawScan on May 18, 2026.
Overview
This skill is transparent about desktop automation, but it gives an agent very broad ability to read and control desktop apps once Accessibility permission is granted.
Install only if you intentionally want an agent to automate your desktop. Use a dedicated terminal with Accessibility permission, keep sensitive apps closed, verify the external agent-desktop package before installing it globally, and require manual approval for destructive, account-changing, or publicly visible actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could click, type, copy, close apps, manage windows, or act on visible UI in ways that modify files, settings, accounts, or messages if invoked on the wrong task or context.
This exposes broad desktop observation and mutation tools across GUI applications. The artifacts document good observe/verify habits, but do not bound use to specific apps or require explicit user approval before high-impact UI actions.
Use when an AI agent needs to observe, interact with, or automate desktop applications (click buttons, fill forms, navigate menus, read UI state, toggle checkboxes, scroll, drag, type text, take screenshots, manage windows, use clipboard).
Use only when broad desktop automation is intended, and require explicit confirmation before actions that submit, delete, purchase, send, change settings, close apps, or modify important data.
Granting this permission can let tools run from that terminal read and control other apps' UI, including sensitive windows or authenticated sessions visible on the desktop.
The required OS permission is cross-application and delegated to the terminal, so it is broader than a narrowly scoped permission for a single app or one automation task.
macOS requires explicit Accessibility permission for any process that reads or controls UI elements across applications... The permission is granted to the terminal application, not to agent-desktop itself.
Grant Accessibility only to a dedicated terminal/profile if possible, keep sensitive apps closed during automation, and revoke the permission when no longer needed.
The safety of the installed CLI depends on the external package source, version, and install-time behavior, not just this instruction-only skill.
The skill depends on a global external package, and the Bun option explicitly trusts package scripts. This is central to the stated purpose, but the package code is not included in the scanned artifact set.
npm install -g agent-desktop # or bun install -g --trust agent-desktop
Verify the package identity and publisher, prefer a pinned/audited version, and avoid `--trust` unless you are comfortable with the package's install scripts.