desktop-automation-100per100-local

Warn

Audited by ClawScan on May 18, 2026.

Overview

This appears to be a real local desktop automation skill, but it gives an agent broad control of your screen, keyboard, mouse, clipboard, and macros, and some typed content may be stored locally in logs.

Install this only if you truly need full local desktop automation. Keep dry-run enabled for testing, require explicit approval before real clicks or typing, avoid recording or typing secrets, review/delete logs and macro files, and run it in a constrained profile or VM when possible.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could click buttons, type into apps, submit forms, change settings, or replay a macro in whatever desktop context is active.

Why it was flagged

The skill intentionally exposes real mouse/keyboard and macro execution over the whole desktop. This fits the stated purpose, but it is broad, high-impact authority and the artifacts do not show a mandatory user-approval gate before non-dry-run actions.

Skill content

Automate desktop interactions without APIs: ... Click, type, drag, scroll ... Record and replay macros

Recommendation

Use only when you are present and can approve real actions; prefer dry_run first, keep sensitive apps closed, and consider running it in a separate OS profile or VM.

What this means

Sensitive text entered by the automation may remain in local log files even if you did not intentionally record a macro.

Why it was flagged

The type action logs the exact text it sends. Since the skill also documents persistent audit logging, passwords, tokens, or other sensitive text typed through the skill could be retained locally in logs.

Skill content

logger.info("Typed: %s", text)

Recommendation

Do not use the type action for passwords, tokens, or private messages unless logging is disabled or redacted; periodically review and delete automation logs.

What this means

Recorded macros may contain private text, window activity, or credentials if recording is left on during sensitive work.

Why it was flagged

Macro recording is clearly disclosed and purpose-aligned, but it can store raw keystrokes and mouse activity, including accidental secrets, in persistent local files.

Skill content

This skill captures ALL keyboard and mouse events. ... Recorded macros are stored as JSON in `recorded_macro/` directory

Recommendation

Only record non-sensitive workflows, store macro files securely, and delete recordings that may contain private input.

What this means

The skill runs local code with the permissions of the current user account.

Why it was flagged

The Node entrypoint launches a local Python script. This is expected for the skill's Python automation implementation, but users should understand that installing the skill allows local Python code execution.

Skill content

const result = spawnSync('python', args, { encoding: 'utf-8' });

Recommendation

Install only from a source you trust and review the local files before enabling the skill.

What this means

Future package versions could change behavior or introduce dependency risk.

Why it was flagged

The requirements file uses lower-bound version ranges rather than exact pins, while the documentation elsewhere discusses tested versions. This can lead to dependency drift, though the packages are purpose-aligned.

Skill content

pyautogui>=0.9.53
pygetwindow>=0.0.9
Pillow>=8.0.0
opencv-python>=4.5.0

Recommendation

Use a virtual environment and consider pinning exact dependency versions before installation.