dekstop-control-linux
WarnAudited by ClawScan on May 18, 2026.
Overview
This skill is clearly for Linux desktop control, but it gives broad ability to click, type, capture the screen, and automate logins, and its examples often turn off approval prompts.
Install only if you intentionally want an agent to control your Linux desktop. Prefer approval mode, use it in a test or isolated session, keep sensitive windows closed, verify the active window before credential entry, and review dependencies because the registry metadata does not fully declare them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly or invoked in the wrong context, the agent could interact with real desktop applications, type into the wrong window, submit forms, or capture visible private information.
The documented workflow disables approval and then opens pages, types credentials, navigates, and captures a screenshot. That is aligned with desktop automation, but it is broad, high-impact control without per-step user approval.
dc = DesktopControllerLinux(require_approval=False)
steps = [
{"action": "open_chrome", "url": "http://localhost:8000/login", "wait": 15},
{"action": "login_form", "email": "user@example.com", "password": "secret", "wait": 10},
{"action": "open_url", "url": "http://localhost:8000/target", "wait": 15},
{"action": "screenshot", "path": "/tmp/target.png"}
]
dc.run_steps(steps)Keep require_approval=True by default, use this only in a controlled desktop session, and require explicit user confirmation before login, form submission, file drag/drop, screenshot, recording, or other state-changing actions.
Even with approval mode enabled, at least this action can affect the active desktop without prompting first.
This visible action performs mouse movement and scrolling without calling _check_approval, which undercuts the documented claim of explicit approvals for desktop actions.
def scroll(self, clicks: int, direction: str = "vertical",
x: Optional[int] = None, y: Optional[int] = None) -> None:
if x is not None and y is not None:
pyautogui.moveTo(x, y)
if direction == "vertical":
pyautogui.scroll(clicks)
else:
pyautogui.hscroll(clicks)Add approval checks to every action that moves the pointer, scrolls, types, clicks, changes windows, captures screen content, or launches applications.
Credentials could be entered into the wrong page or window if focus, navigation, or automation state is incorrect.
The skill is intended to type login credentials into desktop/browser UI. That is purpose-aligned and no credential exfiltration is shown, but it uses the user's account authority through the active GUI session.
dc.login_form('user@example.com', 'password', wait_seconds=10)Only use credential-entry helpers on trusted local/test targets, confirm the active window before typing secrets, and avoid storing real passwords in workflow examples.
Private chats, documents, credentials, or account pages visible on screen could be captured into files or agent context.
The skill can capture screenshots, record the screen, and OCR on-screen text. This is expected for desktop automation, but it can expose private information visible on the user's screen and write it to local files.
print(dc.screenshot_to('/tmp/screen.png'))
...
print(dc.record_screen('/tmp/record.mp4', seconds=30))
...
text = dc.read_text_on_screen()Close sensitive windows before use, choose output paths deliberately, and treat screenshots, recordings, and OCR results as sensitive data.
Users may not have a clear upstream project to inspect or a complete registry-level dependency contract before installation.
The artifact provides no upstream source/homepage or install spec, while SKILL.md separately lists Python and system packages needed for operation. This is a provenance and dependency-declaration gap, not evidence of malicious behavior.
Source: unknown Homepage: none ... No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none
Verify the included source and install only trusted dependencies such as pyautogui, pillow, scrot, xclip/xsel, wmctrl, xdotool, and ffmpeg from trusted package sources.