Desktop Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real desktop-automation skill, but it can click, type, read the screen/clipboard, and run multi-step actions across your whole computer without approval by default.
Install only if you intentionally want OpenClaw to control your desktop. Use a test account or VM, close sensitive apps, keep failsafe enabled, turn on per-action approval if available, and disable/redact logging before automating passwords, forms, financial sites, or public-posting workflows.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong task or screen, the agent could click buttons, type text, save/delete/change content, or submit actions in any open application.
The controller exposes broad mouse, keyboard, and hotkey control over the active desktop, while approval is disabled by default.
def __init__(self, failsafe: bool = True, require_approval: bool = False) ... pyautogui.click(...) ... pyautogui.write(text, interval=interval) ... pyautogui.hotkey(*keys, interval=interval)
Use only for explicit, supervised tasks; enable require_approval=True where possible, keep failsafe enabled, and run it in a VM or non-sensitive desktop session.
A mistaken plan could compound across windows or applications before the user notices, especially when typing, clicking, or launching apps.
The AI agent executes multi-step desktop plans through the controller without enabling approval mode, so one bad inference can lead to repeated actions until the step limit is reached.
self.dc = DesktopController(failsafe=failsafe) ... for step_num, step in enumerate(plan, 1): ... step_result = self._execute_step(step)
Prefer manual step review for autonomous tasks, set low max_steps values, and avoid using this on important accounts or production workflows.
Sensitive text entered through the automation may appear in local logs or agent transcripts.
The skill enables INFO logging and logs the content it types, which can include private form entries, account data, or passwords if users automate those workflows.
logging.basicConfig(level=logging.INFO) ... logger.info(f"Typed text: '{text[:50]}{'...' if len(text) > 50 else ''}' (interval={interval:.3f}s)")
Do not use this to type secrets unless logging is disabled or redacted; change the logging level and avoid capturing typed content.
Users may install different package versions over time, and package provenance depends on the Python package source they use.
The documented setup uses manual, unpinned third-party package installation. This is expected for the purpose, but it is less controlled than a pinned install specification.
pip install pyautogui pillow opencv-python pygetwindow
Install dependencies from trusted sources and consider pinning versions in a controlled environment.
