Open Computer Use
ReviewAudited by ClawScan on May 14, 2026.
Overview
This instruction-only skill is coherent for setting up a desktop-control MCP service, but users should understand it grants agents powerful local screen and input access.
Install this only if you want an AI agent to help operate your real desktop. Verify the npm package and repository, connect it only to trusted MCP clients, grant OS permissions deliberately, and keep human approval enabled for actions that send, delete, purchase, install, or expose sensitive information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An authorized agent could interact with the user's actual desktop, including typing into apps or clicking controls.
The skill exposes tools that can read desktop state and perform real user-interface actions. This is the core purpose, but misuse could affect real apps or data.
tools such as `list_apps`, `get_app_state`, `click`, `type_text`, `press_key`, `scroll`, `drag`, and `set_value`
Use only with trusted agent runtimes and require explicit confirmation before submitting forms, deleting data, sending messages, changing settings, or making purchases.
Granting these permissions may let the tool view on-screen information and control applications during use.
Accessibility and Screen Recording are broad local privileges that let software observe and control the desktop. They are expected for this tool, but users should understand their scope.
On macOS, run it once and grant Accessibility and Screen Recording permissions
Grant permissions only to the expected Open Computer Use process, review OS privacy settings, and revoke access when no longer needed.
The security of the installed tool depends on the external npm package and its updates.
The setup depends on installing a global npm package that is not bundled in the skill artifacts. This is a normal installation method, but the reviewed skill does not include the package contents.
npm i -g open-computer-use
Verify the npm package and linked repository before installing, and consider pinning a known version in controlled environments.
Any trusted MCP client configured to use this server may be able to request screen/app state and perform desktop actions.
The service is meant to be connected to MCP-capable agent clients. That connection can pass desktop state and action authority to the configured agent runtime.
"mcpServers": { "open-computer-use": { "command": "open-computer-use", "args": ["mcp"] } }Configure the MCP server only in agent clients you trust, and avoid leaving it enabled where untrusted prompts or workflows can drive desktop actions.