pyautogui
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a clearly disclosed desktop automation skill, but it can control your mouse and keyboard, capture the screen, and delete matching temporary files, so it should be used deliberately.
Install this only if you want the agent to control your desktop UI. Use a virtual environment, verify the active window before clicks or typing, avoid sensitive screens when taking screenshots/OCR, use overlay and dry-run cleanup workflows first, and require confirmation before submissions, deletions, purchases, or messages.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could click, type, paste, submit forms, or send messages in the focused window if instructed or if coordinates/matches are wrong.
The skill intentionally exposes broad UI automation, including automatic clicks based on screen matching/OCR. This is disclosed and purpose-aligned, but it can affect whichever application is active.
Mouse control (move, click, drag, scroll) ... Keyboard control (press keys, hotkeys, type text) ... python scripts/image_finder.py text "Send" --click
Use it only for intentional UI automation, verify the focused window and coordinates, prefer overlay/preview steps first, and require explicit confirmation before actions that submit, purchase, delete, or send content.
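The two controls recommended above (verify the focused window before any click or keystroke, and require explicit confirmation before anything that sends, submits, purchases or deletes) can be enforced in code rather than left to the operator's attention. The following is an added example written for this page; it is not part of the skill or of ClawScan's report. It wraps a pyautogui-like backend behind a guard, and injects a fake backend so it runs without a display. The method names `getActiveWindowTitle`, `click` and `write` are the real pyautogui ones, but the `RISKY_TERMS` list, the window-title substring rule and the fake backend are assumptions for illustration; note that `getActiveWindowTitle` is not available on every platform, which is why a missing title is treated as a mismatch rather than as permission to proceed.

```python
"""Added example (not part of the skill or the report): a guard layer that
refuses to click/type unless the focused window matches the intended target
and asks for confirmation before actions that send, submit, purchase or delete.
The backend (pyautogui, or a fake) is injected so the logic runs headless."""
import re
from dataclasses import dataclass, field
from typing import Callable, Iterable, Optional

# Words that mark an irreversible or externally visible action.
# Assumed list for illustration; tune it for the apps you automate.
RISKY_TERMS = ("send", "submit", "purchase", "buy", "delete", "pay", "confirm order")


class TargetMismatch(RuntimeError):
    """Focused window is not the one the automation was written for."""


class Declined(RuntimeError):
    """Operator refused to confirm a risky action."""


def window_matches(active_title: Optional[str], allowed: Iterable[str]) -> bool:
    """True if the active window title contains one of the allowed substrings.
    A None/empty title (no window information available) counts as a mismatch."""
    if not active_title:
        return False
    return any(a.lower() in active_title.lower() for a in allowed)


def is_risky(description: str) -> bool:
    """Flag actions whose description mentions a risky term (whole-word match)."""
    return any(re.search(rf"\b{re.escape(t)}\b", description, re.I) for t in RISKY_TERMS)


@dataclass
class GuardedAutomation:
    backend: object                  # pyautogui, or a fake exposing the same methods
    allowed_titles: tuple            # substrings the focused window title must contain
    confirm: Callable[[str], bool]   # operator prompt; returns True to proceed
    log: list = field(default_factory=list)

    def _check_target(self) -> None:
        title = self.backend.getActiveWindowTitle()
        if not window_matches(title, self.allowed_titles):
            raise TargetMismatch(f"active window {title!r} not in {self.allowed_titles}")

    def _check_risk(self, description: str) -> None:
        if is_risky(description) and not self.confirm(description):
            raise Declined(description)

    def click(self, x: int, y: int, description: str) -> None:
        self._check_target()          # wrong app focused? stop before touching the backend
        self._check_risk(description)  # risky? ask first
        self.backend.click(x, y)
        self.log.append(("click", x, y, description))

    def type_text(self, text: str, description: str) -> None:
        self._check_target()
        self._check_risk(description)
        self.backend.write(text)
        self.log.append(("type", text, description))


class FakeBackend:
    """Stand-in for pyautogui (assumed here) so the guard runs without a display."""
    def __init__(self, title: str):
        self.title, self.calls = title, []
    def getActiveWindowTitle(self):
        return self.title
    def click(self, x, y):
        self.calls.append(("click", x, y))
    def write(self, text):
        self.calls.append(("write", text))


def demo() -> tuple:
    """Three constructed scenarios; returns (backend calls performed, guard errors raised)."""
    errors = []
    # 1. Correct window, harmless action: goes through.
    ok = GuardedAutomation(FakeBackend("Notes - Scratchpad"), ("Notes",), lambda d: True)
    ok.type_text("hello", "type into scratch note")
    # 2. Wrong window focused: refused before anything reaches the backend.
    wrong = GuardedAutomation(FakeBackend("Mail - Inbox"), ("Notes",), lambda d: True)
    try:
        wrong.click(10, 20, "click first button")
    except TargetMismatch as e:
        errors.append(type(e).__name__)
    # 3. Correct window, risky action, operator declines: refused.
    declined = GuardedAutomation(FakeBackend("Mail - Compose"), ("Mail",), lambda d: False)
    try:
        declined.click(300, 400, "click Send")
    except Declined as e:
        errors.append(type(e).__name__)
    return ok.backend.calls + wrong.backend.calls + declined.backend.calls, errors


if __name__ == "__main__":
    print(demo())
```

To use this against the real library, pass `pyautogui` itself as `backend` and an `input()`-based prompt as `confirm`; the target check runs on every action, not just the first, because focus can change between steps while a script is running.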
Granting Accessibility or admin privileges can let the automation process interact with many apps, not just one target app.
The documentation discloses that OS-level permissions may be needed. These permissions are expected for desktop automation but can allow broad interaction with the user’s session.
Windows | ✅ Full | May require admin permissions in some environments ... macOS | ✅ Supported | Requires Accessibility permission for Terminal/Python
Grant only the minimum OS permissions needed, use a dedicated terminal/environment where possible, and revoke Accessibility/admin access when you no longer need the skill.
A broad directory or custom pattern could remove generated screenshots or other matching files the user meant to keep.
The cleanup tool can delete multiple matching files. The normal clean mode is preview-by-default, but deletion is real with --execute and auto-clean deletes oldest matching files when thresholds are exceeded.
clean_parser.add_argument('--execute', action='store_true', help='Actually perform the deletion (preview mode by default)') ... os.remove(f['path'])
Run analyze or dry-run clean first, keep cleanup scoped to a dedicated output directory, avoid broad custom patterns, and back up important files before using --execute or auto-clean.
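The cleanup finding above comes down to three properties: deletion must be opt-in, the pattern must not be allowed to reach outside the dedicated output directory, and auto-clean must remove only the oldest files beyond the retention threshold. The following is an added example written for this page, not the skill's own `clean` tool; it shows one way to get all three. The default pattern `screenshot_*.png`, the `BROAD_PATTERNS` set and the `keep` parameter are assumptions for illustration; the demo builds its files in a temporary directory so it runs offline.

```python
"""Added example (not the skill's cleanup tool): a scoped cleanup routine.
Preview is the default, deletion needs execute=True, every candidate must
resolve to a regular file directly inside the output directory, overly broad
or escaping patterns are refused, and keep=N retains the N newest files."""
from pathlib import Path
import os
import tempfile
import time

# Patterns that would match far more than generated screenshots. Assumed list.
BROAD_PATTERNS = {"*", "**", "*.*", "**/*"}


def candidates(out_dir: Path, pattern: str) -> list:
    """Matching files directly under out_dir, oldest first."""
    if pattern in BROAD_PATTERNS or "**" in pattern or ".." in pattern or pattern.startswith("/"):
        raise ValueError(f"refusing broad or escaping pattern {pattern!r}")
    root = out_dir.resolve()
    found = []
    for p in root.glob(pattern):
        rp = p.resolve()
        # A symlink inside the directory could point elsewhere; only keep
        # regular files whose real location is the output directory itself.
        if not rp.is_file() or rp.parent != root:
            continue
        found.append(rp)
    return sorted(found, key=lambda f: f.stat().st_mtime)


def clean(out_dir: Path, pattern: str = "screenshot_*.png", keep: int = 0,
          execute: bool = False) -> dict:
    """Select files to delete; delete them only when execute=True.
    keep=N is the auto-clean rule: retain the N newest matches, drop the rest."""
    files = candidates(out_dir, pattern)
    doomed = files[: max(0, len(files) - keep)]   # oldest first, so these are the oldest
    deleted = []
    if execute:
        for f in doomed:
            os.remove(f)
            deleted.append(f.name)
    return {"mode": "execute" if execute else "preview",
            "matched": [f.name for f in files],
            "would_delete": [f.name for f in doomed],
            "deleted": deleted}


def demo() -> dict:
    """Constructed scenario: five screenshots of increasing age plus an unrelated file."""
    with tempfile.TemporaryDirectory() as d:
        out = Path(d)
        now = time.time()
        for i in range(5):
            f = out / f"screenshot_{i}.png"
            f.write_bytes(b"png")
            age = (5 - i) * 60                       # lower index = older file
            os.utime(f, (now - age, now - age))
        (out / "notes.txt").write_text("keep me")   # must never be touched
        preview = clean(out, keep=3)                 # default: nothing removed
        auto = clean(out, keep=3, execute=True)      # removes the two oldest
        try:
            clean(out, pattern="*", execute=True)    # broad pattern: refused
            refused = False
        except ValueError:
            refused = True
        remaining = sorted(p.name for p in out.iterdir())
    return {"preview": preview, "auto": auto, "refused_broad": refused, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

The `rp.parent != root` check is what keeps a custom pattern or a planted symlink from deleting outside the scoped directory; the preview result lists exactly the names that `execute=True` would remove, so the dry run can be diffed against expectations before anything is deleted.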
Future dependency versions may behave differently or introduce compatibility/security issues.
The dependency reference uses a lower-bound version rather than an exact pin. Installing PyAutoGUI is central to the skill’s purpose, but unpinned dependencies can resolve differently over time.
pyautogui>=0.9.54
Install dependencies from a trusted package index, pin exact versions (and, where your tooling supports it, package hashes) in your own requirements or constraints file rather than relying on the lower bound, and use a virtual environment for this skill.
