ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MacOS Desktop Control (Mouse, Keyboard, Screenshots)

v1.0.0

Automate macOS desktop by capturing screenshots and executing precise mouse movements, clicks, and keyboard inputs via cliclick.

2· 2.7k·35 current·38 all-time
byMatt@emptyopen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description claim macOS desktop control; the SKILL.md and the two wrapper scripts call macOS 'screencapture' and the cliclick binary at /opt/homebrew/bin/cliclick — these are exactly what's needed for screenshots and synthetic input. The brew install note for cliclick is proportionate. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions tell the agent to take a screenshot (/tmp/claw_view.png) and send arbitrary cliclick commands. That behavior is expected for the stated purpose, but it inherently allows broad access to all on-screen content and the ability to synthesize arbitrary mouse/keyboard events. The SKILL.md does not place limits (e.g., require user confirmation before input or restrict what gets captured), so the agent could perform any local GUI action or capture sensitive screen content if invoked.
Install Mechanism
There is no automated install spec; the SKILL.md simply advises 'brew install cliclick'. No downloads, obscure URLs, or archive extraction are present in the package. The included scripts are tiny wrappers that call standard system binaries. This is low-risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All declared requirements (use of screencapture and cliclick) align with the functionality. No unrelated secrets are requested.
Persistence & Privilege
always is false (good). The skill is user-invocable and allows normal autonomous invocation (disable-model-invocation is false). Autonomous invocation combined with the ability to capture screenshots and synthesize input increases potential impact; this is expected for a desktop-control skill but worth considering when granting execution rights to an agent.
Assessment
This skill appears to do what it says (take screenshots and send cliclick commands) and contains only small wrapper scripts. However, it grants high local privileges: it can capture your screen and simulate mouse/keyboard actions. Before installing, consider: 1) only install if you trust the skill author (source is unknown); 2) the skill will require macOS accessibility/screen-recording permissions for cliclick and screenshots — review those permission dialogs carefully; 3) prefer user-invocation over autonomous runs (or require confirmation) so the agent cannot act without your consent; 4) verify the expected cliclick path (/opt/homebrew/bin/cliclick) or adjust wrappers if you installed via a different Homebrew prefix; 5) note that screenshots are written to /tmp/claw_view.png — check and rotate/remove sensitive captures. If you need stronger assurances, ask the author for provenance (homepage, source repo, or signed releases) or require the skill run only in a sandboxed/test account.

Like a lobster shell, security has layers — review code before you run it.

latestvk979e1tgrf52gjgsw7ghtweh0x81cz1r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments