Windows Desktop Automation CLI
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a clearly disclosed Windows desktop automation tool, but it can click, type, close windows, and read screen or clipboard content, so it should only be used with explicit user approval.
Install only if you need Windows desktop automation. Use it only for explicit tasks, confirm all clicks/typing/hotkeys/window-close actions, verify the target window, keep sensitive apps and clipboard contents out of scope, and review optional Python dependencies before installing them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused or approved on the wrong target, the skill could interact with applications, submit forms, send messages, or close work in the active Windows session.
The skill can perform high-impact desktop actions such as clicking, typing, hotkeys, and closing windows. The behavior is disclosed and bounded by confirmation guidance, so this is a purpose-aligned note rather than a concern.
This skill directly controls Windows desktop through mouse/keyboard simulation. **Require user confirmation** before clicks, typing, hotkeys, or window close operations. Use `--dry-run` to preview.
Use dry-run where possible, verify the target window ID and action, and confirm each click, typing, hotkey, or close operation before allowing it.
Sensitive information visible on screen or stored in the clipboard may be exposed to the agent, and text from applications could influence later agent decisions if treated as instructions.
The skill can bring window text, OCR output, screenshots, and clipboard text into the agent context. This is expected for desktop automation, but the captured content may be private or may contain untrusted instructions from applications.
`snapshot` | Get HWND/UIA/OCR structure ... `screenshot` | Capture window screenshots ... `clipboard` | Copy files/text, get text
Close sensitive apps before use, avoid reading the clipboard unless needed, and treat captured screen or OCR text as untrusted content rather than as instructions.
Installing optional dependencies from the public package ecosystem can introduce ordinary dependency risk if packages are not verified.
Optional external Python packages are used for image matching and OCR. These dependencies are purpose-aligned, but generic pip installation guidance means users should verify package provenance and versions.
"opencv-python is required for image matching. Install with: pip install opencv-python" ... "wx-ocr is required for OCR. Install with: pip install wx-ocr"
Install dependencies from trusted sources, prefer pinned versions or a reviewed requirements file, and only install optional OCR/image-matching packages if those features are needed.