Skill v1.0.0

ClawScan security

dekstop-control-linux · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 12, 2026, 2:46 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (Linux desktop automation). It requests no external credentials and no unusual installs, but it can control and record your GUI, so use it only in trusted environments and be careful with approval settings.
Guidance
This skill does what it says: programmatic control of your Linux desktop. Before installing or enabling it, consider: (1) Only run it on machines you trust — it can capture screenshots, record the screen, read text (OCR), and type arbitrarily. (2) Keep require_approval=True unless you explicitly want automated/unattended control; examples that set require_approval=False will let the agent act without interactive confirmation. (3) Avoid embedding real credentials in presets or workflow steps you register with the skill; the skill will type whatever you give it and can replay recorded actions. (4) Review and install only the Python/system packages you trust (pyautogui, ffmpeg, wmctrl/xdotool, etc.). (5) If you want to limit risk, disable autonomous model invocation for this skill or restrict its use to supervised sessions.

Review Dimensions

Purpose & Capability
ok
Name/description match the code and SKILL.md. The code implements mouse/keyboard/screenshot/recording/OCR/window ops and includes environment checks for X11/Wayland. No unrelated credentials, config paths, or unexpected binaries are demanded.
Instruction Scope
note
SKILL.md and the code focus on GUI automation and include reading screen contents (OCR), taking screenshots, recording, and reading /tmp/.X11-unix to detect DISPLAY. Examples show supplying credentials to login_form and running without approval (require_approval=False). The instructions do not direct data to external endpoints, but the skill can capture sensitive on-screen content and interact with apps, so its scope is broad by design.
Install Mechanism
ok
No install spec is present (instruction-only skill with an included Python module). No downloads or external installers are embedded. Runtime does require common Python packages (pyautogui, pillow, etc.) and system utilities (scrot, xclip, wmctrl, xdotool, ffmpeg) which are reasonable for the declared functionality.
Credentials
note
The skill requires no environment variables or secrets. It does access environment state (DISPLAY, WAYLAND_DISPLAY, XDG_SESSION_TYPE) and filesystem paths such as /tmp/.X11-unix. It can type provided passwords and read screen/clipboard contents — appropriate for automation but sensitive in practice. The declared requirements align with the functionality.
Persistence & Privilege
note
always:false and no code modifies other skills. However, the skill supports running with require_approval=False; combined with the platform default that allows model invocation, an agent could autonomously execute GUI actions (open apps, type, take screenshots). This is not an incoherence but is an important operational risk to consider.