Skill v2.0.0

ClawScan security

Desktop automation ultra · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 8:45 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with a local desktop automation tool; the main risk is expected privacy exposure from recording/saving keystrokes and macros rather than unexplained or hidden capabilities.
Guidance
This skill appears to do what it says: local desktop automation and macro recording. Important things to consider before installing:
- Privacy: the recorder captures ALL keyboard and mouse events (including passwords and sensitive text) and stores macros as JSON — never record while entering secrets and store macro files securely.
- Metadata note: the registry metadata did not declare required binaries, but the skill requires Python in PATH and optional system packages (Tesseract, xclip/xsel) and Python packages from requirements.txt; ensure you have the appropriate runtime and review dependencies before installing.
- Autonomy: the agent can invoke the skill autonomously by default. If you do not want automated UI actions to run without manual approval, restrict the skill's permissions or require manual invocation.
- Local-only: the code and docs claim no network access; still inspect the shipped files yourself (they are included) for unexpected network calls before trusting them on a sensitive machine.
- Recommended: run the included tests (scripts/test_automation.py) in a safe environment, use dry_run=true for initial testing, and review/rotate any stored macros (or encrypt them) if they may contain sensitive data.

Review Dimensions

Purpose & Capability
note: The name/description (desktop automation, macro recording, OCR, image recognition) matches the shipped code and docs. One inconsistency: the registry metadata lists no required binaries, but the skill clearly expects a Python runtime (calls 'python' from skill.js, includes Python modules and a requirements.txt) and the README mentions system dependencies (Tesseract, xclip/xsel on Linux). This is a metadata omission but does not indicate hidden behavior.
Instruction Scope
ok: SKILL.md and the included scripts instruct only local actions (mouse/keyboard, screenshots, OCR, image matching, macro files, logs). The files and docs explicitly warn that the recorder captures ALL keyboard/mouse events and that macros are stored locally. There are no instructions to read unrelated system secrets or to send data to external endpoints.
Install Mechanism
note: No automated install spec is present (the user must place the folder in the skills directory and run pip install -r requirements.txt). That is lower-risk than remote installers, but users should be aware the skill expects pip/OS packages and optional system binaries (Tesseract). The package list is standard for this functionality and all code is included locally — no suspicious external download URLs were provided.
Credentials
ok: The skill does not request environment variables or external credentials. Its use of cryptography (for password-protected macros) is reasonable for the documented feature. No unrelated secrets or cloud credentials are required.
Persistence & Privilege
ok: always:false and normal autonomous invocation are used. The skill writes logs and macro files under user/home paths (e.g., recorded_macro/, ~/.openclaw/...), which is expected for this kind of tool. It does not attempt to modify other skills or system-wide agent settings in the provided code.