Claude Code Launcher

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its stated launcher purpose, but it uses broad Mac UI automation and has unsafe project-path handling plus persistent full-screen screenshots that could expose sensitive session details.

This skill appears intended to do what it advertises, not to hide exfiltration or destructive behavior. Before installing, be comfortable granting Mac screen/control permissions, use it only on trusted project paths, watch the launch process, and delete or protect saved screenshots/logs that may contain session URLs or QR codes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

Opening an unusually named or attacker-controlled project folder could cause Terminal to run commands other than the intended cd command.

Why it was flagged

The script takes the project path from the first argument, validates only that it is a writable directory, and then types it into a shell command in Terminal. A crafted directory name containing shell syntax such as command substitutions or embedded quotes would be interpreted by the target shell when the typed command runs.

Skill content

PROJECT_PATH="${1:-.}" ... peekaboo type "cd \"$project\"" --app Terminal --return

Recommendation

Escape the path for the target shell, for example with printf %q plus cd --, or avoid typing shell text entirely by launching Terminal with a safely passed working directory. Reject paths containing shell metacharacters until this is fixed.

What this means

The saved image may include the Remote Control URL or QR code and could also capture unrelated private information visible elsewhere on the screen.

Why it was flagged

The launcher stores screenshots persistently under the OpenClaw logs directory and captures the whole screen rather than only the Claude Code window.

Skill content

SCREENSHOT_DIR="${HOME}/.openclaw/workspace/logs/claude-code-launcher" ... peekaboo image --mode screen --path "$output_file"

Recommendation

Capture only the intended Terminal window, ask before saving screenshots, redact session URLs/QR codes, restrict file permissions, and document or implement cleanup.

What this means

Granting these permissions lets the automation observe the screen and drive Terminal actions during launch.

Why it was flagged

The skill openly relies on UI automation that can type into Terminal, press keys, and capture the screen. This is central to the launcher purpose, but it is a broad local-control capability.

Skill content

Main automation script using Peekaboo CLI for: Terminal window management; Keyboard/text input automation; Screenshot capture ... Permissions: Screen Recording + Accessibility enabled

Recommendation

Install only if you trust the skill, keep the Terminal session visible while it runs, and revoke Accessibility/Screen Recording permissions if you no longer need the launcher.

What this means

The launched session may expose the selected project to Claude Code and make the session reachable from another device via the session URL or QR code.

Why it was flagged

The skill is designed to use the user's Claude Code session and make it remotely accessible. That is expected for this purpose, but it affects the user's authenticated Claude workspace and project context.

Skill content

Remote Control session active and shareable ... Full context of your project available to Claude ... Access from any device

Recommendation

Use it only with projects you intend to open in Claude Code, confirm you are signed into the correct Claude account, and close or revoke Remote Control sessions when finished.

What this means

Users depend on the integrity of those external packages and their current published versions.

Why it was flagged

The documentation directs users to install external CLI tools from package managers, including a Homebrew tap and a global npm package. These installs are user-directed and purpose-aligned, but they are not pinned in the artifacts.

Skill content

brew install steipete/tap/peekaboo ... npm install -g @anthropic-ai/claude-cli

Recommendation

Install dependencies from official sources, verify package names and maintainers, and consider pinned or checksum-verified installation instructions.