Desktop automation ultra
Warn
Audited by ClawScan on May 18, 2026.
Overview
This appears to be a real local desktop automation skill, but it gives an agent broad ability to read and control your screen, keyboard, mouse, clipboard, and macros without tight built-in scope.
Install only if you specifically need agent-driven desktop automation. Require confirmation before any non-dry-run action or macro playback, do not record while entering secrets, keep macros private, and consider using a separate low-risk desktop profile or VM.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad agent action could click buttons, type into the wrong app, submit forms, change files, or act in logged-in accounts through the visible desktop.
Safe mode is pattern-based, while non-dry-run actions directly perform real clicks and typing on the desktop. The artifacts do not show enforced app/window scope or per-action user approval for these high-impact UI actions.
dangerous_patterns = ["rm ", "del ", "C:\\Windows\\", "/etc/", "sudo"] ... pyautogui.click(x, y, button=button) ... pyautogui.typewrite(text, interval=interval)
Use this only with explicit user approval for non-dry-run actions, keep safe mode enabled, run it in a non-sensitive or isolated desktop session, and prefer publisher-side app/window allowlists and confirmation gates.
If recording is left on while entering secrets or private messages, those keystrokes may be saved to macro files and later replayed or exposed locally.
Macro recordings are persistent local data and reusable instructions. The risk is clearly disclosed, but recorded macros can contain secrets or sensitive context if used during private workflows.
The macro recorder captures **ALL** keyboard events (including passwords, credit card numbers, private messages) and window titles. ... Recorded macro files contain raw keystrokes
Never record during credential or private-data entry, store macros in a protected directory, delete old recordings, and treat macro files as sensitive executable instructions.
Installing and invoking the skill allows its bundled Python code to control the local desktop environment.
The skill entry point executes local Python code to perform automation. This is purpose-aligned, but users should understand that invoking the skill runs local automation code with their desktop permissions.
const result = spawnSync('python', args, { encoding: 'utf-8' });
Review the local files before use, install dependencies in a virtual environment, and avoid running unreviewed modified versions.
A future package version or compromised dependency could change behavior in a tool that has sensitive desktop access.
The documented pip install path resolves packages using lower-bound version constraints for libraries that can read the screen, clipboard, and control input. This is common but increases dependency provenance/version drift risk.
pyautogui>=0.9.53; pygetwindow>=0.0.9; Pillow>=8.0.0; opencv-python>=4.5.0; pytesseract>=0.3.10; pyperclip>=1.8.2
Use a virtual environment, prefer pinned and hashed dependency versions, and install from trusted package indexes.
