Back to skill
Skillv1.2.0
VirusTotal security
pyautogui · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:55 AM
- Hash
- 9da9520c0dfc8db11884b55b9bf09ee0a9553425fabbac47e2c68f02d2a20050
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pyautogui Version: 1.2.0 The skill bundle provides extensive UI automation and image processing tools using PyAutoGUI, OpenCV, and RapidOCR. While the functionality is consistent with the documentation, the bundle is classified as suspicious due to the inherent high-risk nature of providing an AI agent with full mouse, keyboard, and screen capture capabilities. Additionally, several scripts (e.g., scripts/keyboard_mouse.py, scripts/image_utils.py, and scripts/cleanup.py) lack input sanitization for file paths, which could potentially be leveraged for unauthorized file writes or deletions of specific file patterns. No evidence of intentional malicious behavior or data exfiltration was observed.
- External report
- View on VirusTotal