Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
lazy
v1.0.0 · Optimized desktop automation with mouse, keyboard, and screen control
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (desktop automation) aligns with the included code: DesktopController provides mouse/keyboard/screenshot/window operations. However there are packaging inconsistencies: registry metadata (ownerId and slug) differs from _meta.json values, and the registry lists this as 'instruction-only' despite multiple code files and a requirements.txt. Those mismatches reduce confidence in provenance.
Instruction Scope
Most SKILL.md instructions stay within desktop automation, but ai_agent.py includes a _plan_with_llm path that base64-encodes screenshots and calls llm.generate(images=[img_b64]), so full-screen images are transmitted to whatever LLM client is supplied. Neither SKILL.md nor the docs warn that screenshots may be sent to remote services. If a remote LLM client is used, sensitive screen contents could be exfiltrated.
Install Mechanism
The registry has no install spec (the skill is listed as instruction-only), yet the bundle contains a requirements.txt referencing common PyPI packages (pyautogui, Pillow, opencv-python, pygetwindow, pyperclip, pyscreeze). Those packages are expected for this functionality and come from a public registry (moderate risk), but the absence of an explicit install step in the registry is inconsistent with the files present.
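A pre-install check that turns the two packaging findings above (registry metadata disagreeing with _meta.json, and an "instruction-only" listing that ships code and a requirements.txt) into something you can run against a downloaded bundle. This is an added example, not ClawHub code or part of the skill; the registry and _meta.json field names (ownerId, slug, kind), the bundle file list and the requirements text are constructed for illustration.

```python
"""Pre-install consistency check for a downloaded skill bundle.

Added example; not ClawHub code or part of the skill. The registry and
_meta.json field names (ownerId, slug, kind), the file list and the
requirements text below are constructed for illustration.
"""
from pathlib import Path

CODE_SUFFIXES = {".py", ".js", ".ts", ".sh"}


def packaging_findings(registry: dict, meta: dict, files: list[str]) -> list[str]:
    """Compare registry metadata with the bundle's own _meta.json and contents.

    Returns one line per inconsistency; an empty list means the listing and
    the bundle agree on publisher identity and on whether code ships with it.
    """
    findings = []
    for key in ("ownerId", "slug"):
        if registry.get(key) != meta.get(key):
            findings.append(
                f"{key} mismatch: registry={registry.get(key)!r} _meta.json={meta.get(key)!r}"
            )
    code_files = sorted(f for f in files if Path(f).suffix in CODE_SUFFIXES)
    has_requirements = any(Path(f).name == "requirements.txt" for f in files)
    if registry.get("kind") == "instruction-only" and (code_files or has_requirements):
        findings.append(
            "registry says instruction-only but bundle ships "
            f"{len(code_files)} code file(s)"
            + (" and a requirements.txt" if has_requirements else "")
        )
    return findings


def unpinned_requirements(text: str) -> list[str]:
    """Requirement lines with no exact '==' pin and no --hash, meaning the
    installed code cannot be reproduced or verified against what was reviewed."""
    unpinned = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or a pip option line
            continue
        if "==" not in line and "--hash" not in line:
            unpinned.append(line)
    return unpinned


# Constructed sample data mirroring the kind of mismatch the scan reports.
SAMPLE_REGISTRY = {"ownerId": "user_a1b2", "slug": "lazy", "kind": "instruction-only"}
SAMPLE_META = {"ownerId": "user_z9y8", "slug": "lazy-desktop"}
SAMPLE_FILES = ["SKILL.md", "ai_agent.py", "desktop_controller.py",
                "requirements.txt", "_meta.json"]
SAMPLE_REQUIREMENTS = """\
pyautogui
Pillow
opencv-python
pygetwindow
pyperclip
pyscreeze
"""


if __name__ == "__main__":
    for line in packaging_findings(SAMPLE_REGISTRY, SAMPLE_META, SAMPLE_FILES):
        print("FINDING:", line)
    for req in unpinned_requirements(SAMPLE_REQUIREMENTS):
        print("UNPINNED:", req)
```

If the requirements come back unpinned, pin them yourself and install with `pip install --require-hashes -r requirements.txt` inside the sandbox, so the dependency set you reviewed is the one that actually lands.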
Credentials
The skill declares no required env vars or credentials, which is appropriate. However, ai_agent supports plugging in an LLM client: using a networked or third-party LLM would require credentials outside the package and could transmit screenshots, and the README does not document the privacy implications or which LLM endpoints are required or trusted.
Persistence & Privilege
The skill does not request always:true, declares no config paths, and does not modify other skills or system-wide configs. Autonomous invocation is allowed (the default), which is normal; nothing in the package requests elevated or persistent privileges.
What to consider before installing
This package implements desktop automation and largely behaves as advertised, but take these precautions before installing or enabling it:
1) Verify provenance: ownerId/slug in the registry differ from _meta.json; confirm you trust the publisher.
2) Review ai_agent.py carefully: its LLM planning path encodes screenshots as base64 and calls llm.generate(images=[...]). If you supply a remote LLM client, this will send full-screen images (possibly containing sensitive data) to that service. Only wire this to a trusted, local, or privacy-preserving LLM.
3) Because the bundle contains code and a requirements.txt (PyPI packages), run it in a sandbox or VM first and inspect the installed dependencies.
4) Use require_approval=True and keep the failsafe enabled when testing, so actions require explicit confirmation.
5) If you need higher confidence, ask the publisher to reconcile the metadata, provide a signed release or official homepage, and document exactly when and where screenshots or other data are transmitted. If those fixes aren't available, treat the skill as potentially risky and test it only in an isolated environment.
Like a lobster shell, security has layers — review code before you run it.
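The Instruction Scope and Credentials findings, and points 2 and 4 above, all come down to one control: whatever client ai_agent.py is handed, screenshots must not leave the host unless an operator has said so. The guard below is an added example, not code from the skill. It assumes the client exposes generate(prompt, images=None) taking base64-encoded images (the call shape the scan describes); the endpoint URL, the approve callback, the audit list and FakeClient are hypothetical.

```python
"""Policy guard between screenshot-driven planning code and an LLM client.

Added example, not code from the skill. Assumes the client exposes
generate(prompt, images=None) with base64-encoded images (the call shape the
scan describes for ai_agent.py); endpoint, approve, audit and FakeClient are
hypothetical names introduced here.
"""
import base64
import hashlib
import ipaddress
from urllib.parse import urlparse


class ScreenshotPolicyError(RuntimeError):
    """Raised when a call would move screenshots somewhere policy forbids."""


def is_local_endpoint(url: str) -> bool:
    """True only for loopback or unix-socket endpoints, where images stay on the host."""
    parts = urlparse(url)
    if parts.scheme in ("unix", "file"):
        return True
    host = parts.hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # any other DNS name: treat as remote
        return False


class GuardedLLM:
    """Wraps an LLM client so screenshots reach only local endpoints by default.

    approve(n_images, endpoint) -> bool is the operator hook consulted when
    require_approval is on. Every image actually sent is logged by SHA-256 so
    a responder can later tell exactly which frames left the machine.
    """

    def __init__(self, client, endpoint, *, allow_remote_images=False,
                 require_approval=True, approve=None):
        self.client = client
        self.endpoint = endpoint
        self.allow_remote_images = allow_remote_images
        self.require_approval = require_approval
        self.approve = approve
        self.audit = []

    def generate(self, prompt, images=None, **kwargs):
        images = list(images or [])
        if images:
            if not is_local_endpoint(self.endpoint) and not self.allow_remote_images:
                raise ScreenshotPolicyError(
                    f"refusing to send {len(images)} screenshot(s) to remote endpoint "
                    f"{self.endpoint}")
            if self.require_approval and (
                    self.approve is None or not self.approve(len(images), self.endpoint)):
                raise ScreenshotPolicyError("operator did not approve sending screenshots")
            for img_b64 in images:
                digest = hashlib.sha256(base64.b64decode(img_b64)).hexdigest()
                self.audit.append({"endpoint": self.endpoint, "sha256": digest})
        # Text-only prompts pass through untouched; only image-bearing calls are gated.
        return self.client.generate(prompt, images=images, **kwargs)


class FakeClient:
    """Stand-in client that records what it was asked to send (hypothetical)."""

    def __init__(self):
        self.calls = []

    def generate(self, prompt, images=None):
        self.calls.append((prompt, list(images or [])))
        return "plan: click OK"


# Constructed screenshot bytes, base64-encoded the way the scan says ai_agent.py does.
SAMPLE_IMAGE_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\nconstructed-screenshot").decode()


if __name__ == "__main__":
    local = GuardedLLM(FakeClient(), "http://127.0.0.1:11434", approve=lambda n, ep: True)
    print(local.generate("What should I click next?", images=[SAMPLE_IMAGE_B64]))
    print(local.audit)
    remote = GuardedLLM(FakeClient(), "https://api.example.com/v1", approve=lambda n, ep: True)
    try:
        remote.generate("What should I click next?", images=[SAMPLE_IMAGE_B64])
    except ScreenshotPolicyError as exc:
        print("blocked:", exc)
```

Wire the planner to GuardedLLM instead of the raw client; a remote endpoint then fails closed on any image-bearing call, and even a local endpoint still needs the operator's yes when require_approval is on, which is the behaviour point 4 asks for during testing.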
latest: vk977cxbjp6tbvjj4cdpn9z4hx584xb9h
