focusAI
WarnAudited by ClawScan on May 10, 2026.
Overview
FocusAI clearly says it monitors your screen, but it relies on an unreviewed local program and stores/uploads screenshots, so it needs careful review before use.
Only install or enable this if you trust the separate FocusAI program and the configured vision provider. Review the local start.bat and config first, use a dedicated limited API key, avoid monitoring sensitive screens, and confirm how screenshots and history can be deleted.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything visible on the user's screen during monitoring may be stored locally and sent to a cloud vision provider.
The skill discloses periodic screen capture and cloud upload. This is core to the purpose, but it can include passwords, documents, chats, emails, or confidential work, and the visible artifact does not define retention limits, redaction, app/window exclusions, or safe handling boundaries.
会定期截屏并发送至用户配置的视觉模型API(如通义千问、豆包等)进行分析。视觉模型运行在云端,非本地运行。
Use only if you are comfortable with screen contents being analyzed by the configured provider; close sensitive windows, use a limited API key, and ask the publisher to document retention, deletion, and exclusion controls.
The actual program that captures screenshots and handles API credentials is not present in the reviewed artifacts, so its behavior cannot be verified here.
The supplied package is instruction-only with no reviewed code or install spec, yet the skill tells the agent to launch a local batch file for a high-sensitivity screen-monitoring application.
Start-Process -FilePath "~/.openclaw/workspace/focusAI/start.bat" -WindowStyle Minimized
Install or run the referenced FocusAI program only from a source you trust, inspect the local files before launching, and avoid letting the agent start an unknown start.bat.
The configured provider key may incur charges and grants access to the selected vision model service.
A cloud vision API key is expected for this purpose and the skill says the bot should not read it, but the key enables paid or privileged provider access.
credentials: - name: cloud_vision_api_key ... storage_location: "~/.openclaw/workspace/focusAI/config.json(用户本地文件,Bot 仅检查是否存在,不读取内容)"
Use a dedicated, low-privilege API key with spending limits, and do not reuse keys that protect unrelated services.
If invoked incorrectly, the agent could change monitoring settings or start/stop capture unexpectedly within the local FocusAI service.
The agent is instructed to use a local control API that can start/stop monitoring and overwrite configuration. This is purpose-aligned, but users should be aware of the control surface.
Base URL: `http://127.0.0.1:8765/api` ... `POST /start` ... `POST /stop` ... `POST /config` | 覆写配置
Require explicit user confirmation before start, stop, or config changes, and keep the local service accessible only on trusted machines.
Screen monitoring may keep running in the background while the user forgets it is active.
The skill supports long-running background monitoring. It includes reminders and user confirmation, so this is not hidden, but it can continue after the initial request.
后台静默启动(最小化) ... 当用户选择后台静默模式时 ... 运行时间过长(>1.5h):用户可能忘了监控还在运行,及时提醒
Make sure there is a clear stop workflow, check periodically whether monitoring is active, and stop it before handling sensitive information.