PyAutoGUI Controller
Audited by ClawScan on May 10, 2026.
Overview
The visible artifacts describe a real local desktop-control tool, not an obvious malware pattern, but it can click, type, launch apps, and keep local automation state.
Use this only if you trust the local Python project and want direct control of your Windows desktop. Keep sensitive apps and logged-in sites out of scope, avoid broad unattended instructions, do not configure custom DOM bridge/CDP settings unless trusted, and clear runtime screenshots/browser state after sensitive sessions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A vague or mistaken command could click, type, or submit something in the wrong window.
The skill is intentionally allowed to control the local desktop and browser UI. That matches its purpose, but mistakes can affect real apps or pages.
Use when the user wants natural-language UI automation on this machine: screenshots, opening apps, browser navigation, clicking inputs/buttons, typing text, and simple multi-step desktop workflows.
Use it only for explicit desktop-control tasks, keep sensitive windows out of focus, and review high-impact actions before asking it to run them.

If BROWSER_DOM_BRIDGE_CMD is set to an untrusted command, browser automation could run that local command.
The DOM backend can execute an environment-configured bridge command. The default is the included local Playwright bridge and it does not use shell=True, but an untrusted environment value would change what runs.
self.bridge_cmd = os.environ.get("BROWSER_DOM_BRIDGE_CMD", "").strip() ... subprocess.check_output(command + [json.dumps(payload, ensure_ascii=False)], stderr=subprocess.STDOUT, timeout=20)
Do not set BROWSER_DOM_BRIDGE_CMD unless it points to a trusted, reviewed bridge; disable the DOM backend if you do not need it.

If configured to attach to your live browser, the skill could act inside logged-in websites under your account.
The Playwright bridge can optionally attach to an existing Chromium session, so browser actions may run with whatever accounts are already logged in there.
DOM_BRIDGE_CDP_URL=http://127.0.0.1:9222 # optional, attach existing chromium session
Prefer a separate Playwright profile for automation, and only attach to an existing browser session when you trust the task and understand which account is active.

Sensitive information visible on the screen may be saved locally during automation.
The verifier can write screen-state screenshots to local files. This is expected for visual automation, but screenshots can contain sensitive on-screen information.
path = self.capture.screenshot_to_file(prefix="state", region=region)
Avoid running it on sensitive screens, and periodically clear local runtime screenshot/state directories if privacy matters.

You have less registry-level assurance about where the controller came from and what dependencies/environment settings it expects.
The registry metadata provides limited provenance and does not fully declare the runtime expectations visible in SKILL.md and code. For a desktop-control skill, users should verify the local files and dependencies.
Source: unknown; Homepage: none; Required binaries ... none; Env var declarations: none
Install only from a trusted copy, review the local project directory, and confirm Python dependencies before using it for sensitive desktop tasks.
