Skill v1.0.0

ClawScan security

Doorstep Screen Control - 屏幕操控 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 2:37 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with a desktop automation tool (screenshots, OCR, mouse/keyboard control) but it grants an agent sensitive live control of your machine and the instructions rely on user confirmation without enforcing it—review pairing, permissions, and autonomous invocation before installing.
Guidance
This skill does what it says (desktop visual automation) but is powerful: it can move your mouse, type, click, take screenshots, and (via OpenClaw Node) trigger local commands. Before installing:

1) Only pair the Node with gateways you fully trust, and verify/approve pairing requests manually.
2) Treat this like granting remote control: do not install on machines with sensitive data or active sessions containing passwords/payments.
3) If possible, disable autonomous invocation or require explicit user confirmation for each action.
4) Review the node_pair.py and screen_control.py files (they are short) so you understand exactly what will run locally.
5) Ensure the OpenClaw pairing/approval process is followed and that any use of exec on the Node is restricted.

If you need remote automation for non-sensitive tasks, this is reasonable; if you need to automate logins or posting credentials, prefer explicit, auditable automation rather than granting live control.

Review Dimensions

Purpose & Capability
ok: The name and description match the included scripts and SKILL.md; pyautogui, mss, and the optional pytesseract are appropriate for screenshotting, locating images/text, and mouse/keyboard control. node_pair.py invoking the openclaw CLI is coherent with the 'OpenClaw Node' pairing described.
Instruction Scope
concern: Instructions ask the agent to perform broad desktop operations (login automation, batch posting, opening apps, typing text, clicking). The SKILL.md recommends getting user confirmation before destructive ops, but there is no programmatic enforcement of confirmations. The setup guide also notes the Node can run local exec commands; this raises the potential for running arbitrary local scripts if pairing/approval is not tightly controlled.
Install Mechanism
ok: There is no install spec and no external downloads; the skill consists of instructions plus local scripts. That limits supply-chain risk, but the included scripts will be executed on the host when invoked.
Credentials
ok: No required credentials or config paths are declared. The only environment variable referenced is an optional TESSERACT_PATH for the OCR binary location, which is reasonable for the stated functionality.
Persistence & Privilege
note: always is false, but model invocation is allowed (platform default). Given that the skill gives the agent direct control of the mouse and keyboard and can drive the OpenClaw Node, autonomous invocations increase risk; consider restricting autonomous use or requiring explicit user approval for each session.