Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Peekaboox
v1.0.0
Control and automate the Linux desktop GUI on X11. Use this skill to take screenshots, find and click UI elements, type text, send keyboard shortcuts, scroll...
⭐ 2· 635·1 current·1 all-time
by Gerardo Di Giacomo (@gedigi)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (X11 desktop automation) matches what the files do: scripts call xdotool, wmctrl, scrot, xprop, import, etc. Required binaries (xdotool, wmctrl, scrot) and DISPLAY are appropriate and expected.
Instruction Scope
SKILL.md and scripts instruct only X11-focused actions (screenshots, window listing, clicking, typing, hotkeys, scrolling, window management). There are no instructions to read unrelated files, collect unrelated env vars, or post data to external endpoints. The guidance to set DISPLAY or use Xvfb is reasonable.
Install Mechanism
install.sh uses system package managers (apt/dnf/pacman) to install well-known packages; no arbitrary URL downloads or archives. The script requires sudo for package installation which is expected for system-level binaries.
Credentials
The only declared env var is DISPLAY, which is appropriate. However, the skill inherently has high-impact capabilities (captures screenshots, sends keystrokes, clicks, window control) and therefore can access sensitive on-screen data (passwords, messages). This capability is proportional to the purpose but carries user-risk if used in an untrusted environment.
Persistence & Privilege
No always:true, no modifications to other skills or global agent config. The skill is user-invocable and can be invoked autonomously per platform default, which is expected for skills of this type.
Assessment
This skill appears coherent and implements X11 desktop automation using standard tools. Before installing: (1) be aware it can capture screenshots and simulate clicks/typing — do not run it in sessions with sensitive content unless you trust the skill and agent. (2) install.sh uses sudo to add system packages; review it if you need to limit package installs. (3) Test in a non-sensitive environment first (or in a VM/container). (4) Note it only supports X11 (not Wayland). If you need stricter controls, run the scripts locally yourself and avoid granting the agent autonomous access to call them against a live desktop with sensitive data.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97c4tmxwcxq6vqh4smjzmyfsx81edwq
Runtime requirements
🖥 Clawdis
OS: Linux
Bins: xdotool, wmctrl, scrot
Env: DISPLAY
