Handsfree Windows Control
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is transparent about the broad desktop and browser automation it enables, but its first-use setup installs unpinned code from GitHub that can change between review and use.
Review or pin the GitHub repository before running setup, preferably install it in a virtual environment, and use a dedicated browser profile or test account. Be especially careful before allowing the agent to click, type, submit, delete, send, or run macros in real apps or signed-in websites.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run desktop and browser automation code that has changed since review, with the permissions of the local user.
The setup script installs code from a live GitHub repository and updates it to latest without a pinned commit, tag, lockfile, or hash. The installed code is outside the reviewed artifact set and can change after this review.
`REPO_URL = "https://github.com/lijinlar/handsfree-windows.git"` ... `["git", "clone", REPO_URL, str(install_dir)]` ... `["git", "pull", "--ff-only"]` ... `[sys.executable, "-m", "pip", "install", "-e", str(install_dir)]`
Pin the GitHub dependency to a reviewed commit or release, use locked package versions, and ask the user to approve setup before running it.
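One way to follow the recommendation above, as an added example that is not the skill's own setup.py: fetch a single reviewed commit instead of cloning and pulling a moving branch, confirm the checked-out HEAD is that commit before pip runs, install dependencies only from a hash-pinned lockfile, and ask the user before running anything. The PINNED_COMMIT value, the requirements.lock file and the install location are placeholders and assumptions, not values from the skill.

```python
import subprocess
import sys
from pathlib import Path

REPO_URL = "https://github.com/lijinlar/handsfree-windows.git"  # from the skill's setup.py
# PLACEHOLDER: full SHA of the commit the reviewer actually read; fill in after review.
PINNED_COMMIT = "0000000000000000000000000000000000000000"

def is_full_sha(commit: str) -> bool:
    """Branch names and short SHAs can move or collide; only a full 40-hex SHA pins one tree."""
    return len(commit) == 40 and all(c in "0123456789abcdef" for c in commit.lower())

def pinned_fetch_commands(install_dir: Path, commit: str) -> list[list[str]]:
    """Fetch exactly one reviewed commit, replacing 'git clone' + 'git pull --ff-only'."""
    if not is_full_sha(commit):
        raise ValueError("PINNED_COMMIT must be a full 40-character commit SHA")
    d = str(install_dir)
    return [
        ["git", "init", "--quiet", d],
        ["git", "-C", d, "fetch", "--depth", "1", REPO_URL, commit],
        ["git", "-C", d, "checkout", "--quiet", "--detach", "FETCH_HEAD"],
    ]

def install_commands(install_dir: Path) -> list[list[str]]:
    """Dependencies come only from a hash-pinned lockfile (assumed: requirements.lock); -e resolves none."""
    pip = [sys.executable, "-m", "pip", "install"]
    return [
        pip + ["--require-hashes", "-r", str(install_dir / "requirements.lock")],
        pip + ["--no-deps", "-e", str(install_dir)],
    ]

def head_matches(actual_head: str, expected: str) -> bool:
    return actual_head.strip().lower() == expected.lower()

def run_setup(install_dir: Path) -> None:
    plan = pinned_fetch_commands(install_dir, PINNED_COMMIT) + install_commands(install_dir)
    print("Setup will run:\n  " + "\n  ".join(" ".join(c) for c in plan))
    if input("Proceed? [y/N] ").strip().lower() != "y":  # explicit approval before anything runs
        raise SystemExit("Setup cancelled")
    for cmd in plan[:3]:  # git steps
        subprocess.run(cmd, check=True)
    head = subprocess.run(["git", "-C", str(install_dir), "rev-parse", "HEAD"],
                          check=True, capture_output=True, text=True).stdout
    if not head_matches(head, PINNED_COMMIT):  # gate pip on the tree being the reviewed commit
        raise SystemExit("Checked-out commit is not the reviewed pin; refusing to install")
    for cmd in plan[3:]:  # pip steps
        subprocess.run(cmd, check=True)

if __name__ == "__main__":
    run_setup(Path.home() / ".handsfree-windows" / "src")  # assumed install location
```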
Setup can modify the Python environment, download browser binaries, and prepare automation tooling on the machine.
The skill clearly documents a first-use installer that runs local commands, installs Python packages, and downloads browser binaries. This is expected for the automation purpose, but it is significant code execution.
On first use, run setup before issuing any other commands: `python scripts/setup.py` ... This will: 1. Clone ... 2. Install it via `pip install -e` ... 3. Install Playwright + Chromium browser binaries
Run setup only after reviewing the installer and dependency source, and prefer a dedicated virtual environment.
If used on the wrong window, site, or account, the agent could change local app state or web account data.
The CLI can click and type in desktop apps, record/replay macros, and evaluate JavaScript in browser pages. These are broad automation powers, but they are aligned with the skill's stated purpose.
`click ...`, `type ...`, `record --out <macro.yaml>`, `run <macro.yaml>`, `browser-eval --js "<javascript expression>"`
Use the skill only for intended apps/sites, inspect targets before acting, and require explicit confirmation for submissions, deletions, sends, purchases, or other irreversible actions.
The agent may be able to access websites where the persistent profile remains signed in.
The skill stores browser login sessions in its own persistent profile. This is disclosed and purpose-aligned, but it means browser automation can later operate as the logged-in user.
Browser persistent profiles: `~/.handsfree-windows/browser-profiles/<engine>/` Contains cookies and login sessions. Delete to reset browser auth.
Use a dedicated browser profile or test account where possible, and delete the profile directory after sensitive sessions.
Later tasks may resume from previous browser state or reveal prior browsing context.
The skill keeps browser state across runs. Persistent state is disclosed and scoped to the skill directory, but it can carry context from one task into later browser automation.
Browser session state: `~/.handsfree-windows/browser-state.json` (last visited URL)
Clear the skill's browser state and profile directories when switching tasks, accounts, or users.
