Computer Use
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says, but it installs persistent remote-desktop automation services with weakly bounded network access and system-wide desktop changes.
Treat this as a powerful remote-control desktop environment, not a lightweight helper. Install it only on a dedicated headless Linux server or VM, lock VNC/noVNC behind localhost plus SSH tunneling or a firewall, add authentication, and know how to disable the systemd services and restore changed desktop files.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone who can reach the exposed VNC/noVNC service may be able to view and control the virtual desktop.
The setup creates persistent VNC and browser-accessible noVNC services, but the service definitions do not show a VNC password, TLS, firewall rule, or localhost-only bind for the browser proxy. If reachable on the network, this can expose full desktop control.
ExecStart=/usr/bin/x11vnc -display :99 -forever -shared -rfbport 5900 -noxdamage -noxfixes -noclipboard ... ExecStart=/usr/share/novnc/utils/novnc_proxy --vnc localhost:5900 --listen 6080 --heartbeat 30
Run this only on a locked-down host. Bind VNC/noVNC to localhost, require authentication, use SSH tunneling or a firewall, and disable the services when not needed.
The desktop-control environment may remain active after the task is finished or after a reboot.
The skill installs auto-restarting systemd services and enables them at boot, so the remote desktop and automation environment persist beyond a single user request.
Restart=always ... sudo systemctl enable xvfb xfce-minimal x11vnc novnc
Install only if persistent operation is intended, and add clear stop, disable, and uninstall steps such as disabling the systemd services and removing generated files.
On a non-disposable or shared machine, the setup could break or change the regular desktop environment.
The setup masks the system-wide xfdesktop executable rather than only changing the virtual display session. This can affect normal XFCE sessions or other users on the host.
sudo mv /usr/bin/xfdesktop /usr/bin/xfdesktop.real ... sudo tee /usr/bin/xfdesktop
Use a container, VM, or dedicated headless server, and provide a rollback path that restores /usr/bin/xfdesktop and removes the installed services.
Users may over-trust the tool for stealthy web automation or use it in ways that violate website policies.
The description promotes undetectable website automation. That is not necessary to explain headless desktop control and could encourage bypassing site automation rules or anti-bot controls.
operates at the X11 level so websites cannot detect automation
Use this only where automation is permitted, and avoid relying on claims that websites cannot detect it.
Running setup grants the script administrative ability to change the host system.
The setup requires sudo privileges to install packages and manage system services. This is expected for a system desktop setup, but users should recognize the privilege level.
sudo apt install -y xvfb xfce4 xfce4-terminal xdotool scrot imagemagick dbus-x11 x11vnc novnc websockify
Inspect the script before running it with sudo and prefer a disposable server or VM.