ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Screen Vision

v1.2.0

macOS screen OCR & click automation via Apple Vision + ScreenCaptureKit. Capture any window or screen region, extract text with coordinates, find text, and c...

0· 253·1 current·1 all-time
byJack Yun@jackyun1024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (macOS screen OCR + click) match the included instructions and setup script: the script installs a 'screen-vision' binary (Homebrew, GitHub release, or source build) and 'cliclick' for automation. No unrelated services, credentials, or config paths are requested.
Instruction Scope
SKILL.md limits actions to running the CLI and parsing its output (list, ocr, find, tap, wait). It explicitly requires macOS 14+ and Screen Recording permission. There are no instructions to read unrelated files, exfiltrate data, or contact unexpected endpoints.
Install Mechanism
Install is handled by the included setup.sh (no separate install spec). The script uses Homebrew where available, otherwise downloads a tarball from the project's GitHub releases or clones/builds the repo via git/swift. Those are typical approaches, but the curl|tar extraction into /usr/local/bin and building from remote source are operations that write binaries to disk and should be reviewed before running.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The setup script does not attempt to read or require unrelated secrets or environment variables.
Persistence & Privilege
The skill is not forced-always and does not modify other skills. The setup script installs binaries into /usr/local/bin (write to system path) and instructs the user to grant Screen Recording permission to the terminal app — both are expected for a screen-capture tool but are elevated actions that require user consent and attention.
Assessment
This skill appears to do what it says: it installs a CLI that captures screen contents and can simulate clicks. Before installing, review the upstream GitHub repository and release you will download (setup.sh references the project's GitHub releases). Prefer the Homebrew path when possible, or build from source yourself if you want maximum assurance. Be aware you will need to grant Screen Recording permission to your terminal; that permission allows the tool to capture any visible screen content, so avoid running it when sensitive information is displayed. Also note the setup script extracts a tarball into /usr/local/bin (may require elevated rights or fail depending on permissions) and the script references release v1.0.0 while the registry metadata is v1.2.0 — verify you are installing the intended version. If you are uncomfortable granting screen-recording access or installing binaries from an external release, do not run setup.sh and instead inspect or build the code locally first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bf0mprhbkfgess56k5hsy358393ax

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments