Remote Desktop

Review

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only remote desktop skill is coherent and security-aware, but users should review the remote-access commands, credential handling, and saved host profiles before using them.

This skill appears purpose-aligned and instruction-only. Before using it, confirm that any remote desktop, SSH tunnel, firewall, or service command applies to a machine you control or are authorized to access. Prefer SSH tunnels or VPNs over direct RDP/VNC exposure, do not paste real passwords into command examples, and save host profiles only when you are comfortable keeping hostnames, usernames, and tunnel details on disk.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands on the wrong machine or network could make remote desktop services reachable by unintended parties.

Why it was flagged

The troubleshooting guide includes commands that can open remote desktop ports on a machine. This is relevant to the skill's purpose, but it can materially change network exposure if applied broadly.

Skill content

sudo ufw allow 3389/tcp   # RDP
sudo ufw allow 5901/tcp   # VNC :1

Recommendation

Only run firewall or tunnel commands after confirming the target, network scope, and authorization; prefer SSH tunneling or VPN as the skill recommends.

What this means

A copied command containing a real password could leave that password visible on the local system.

Why it was flagged

The skill gives a command example that includes a password placeholder on the command line. Remote credentials are expected for this purpose, but command-line passwords can be exposed through shell history or process listings.

Skill content

xfreerdp /v:HOST /u:USER /p:PASS /size:1920x1080 /dynamic-resolution

Recommendation

Avoid putting real passwords directly in commands when possible; use interactive prompts, SSH keys, a system keyring, or client-specific safer credential options.

What this means

Saved profiles could reveal internal hostnames, IP addresses, usernames, and network paths to anyone with access to the local account.

Why it was flagged

The skill stores persistent host profiles containing host addresses, usernames, and tunnel commands. The artifact says this is consent-based and excludes passwords, so it is purpose-aligned but still sensitive.

Skill content

If yes, save to `~/remote-desktop/hosts/`:
```markdown
host: 192.168.1.50
protocol: rdp
user: admin
tunnel: ssh user@jumphost -L 3389:192.168.1.50:3389
```

Recommendation

Save profiles only for trusted machines, avoid storing secrets, and periodically remove host entries that are no longer needed.