Skill v0.1.0

ClawScan security

Claw Mouse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 18, 2026, 7:48 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose (X11 desktop control via xdotool + scrot); nothing requests unrelated credentials or installs arbitrary remote code.
Guidance
This skill appears to do what it claims: control an X11 desktop via scrot/xdotool. However, running it (or granting an agent access to it) allows automated mouse movement, clicks, typing, window activation, and opening URLs in your real desktop session. Before installing/using: (1) review the desktopctl.py source (it's short and readable); (2) do not supply your main session's XAUTHORITY cookie to untrusted agents — prefer running in a disposable X session or VM; (3) avoid running as root or exposing sensitive windows while testing; (4) ensure xdotool/scrot are installed from your distro package repository; and (5) require explicit user confirmation for any autonomous runs that will control your real desktop.

Review Dimensions

Purpose & Capability
ok
Name/description match the implementation: the CLI wraps scrot for screenshots, xdotool for mouse/keyboard/window control, and xdg-open/gio as a URL opener. Required binaries (python3, xdotool, scrot) are exactly what the skill needs.
Instruction Scope
note
SKILL.md instructs use of DISPLAY and XAUTHORITY (and shows flag/ENV usage) which is necessary to access an X11 session. The instructions explicitly warn that the skill can click/type into a real desktop. There are no steps that read or transmit unrelated files or network endpoints beyond opening URLs via a local opener.
Install Mechanism
ok
No install spec; instruction-only skill with one included Python script. Nothing is downloaded from external URLs or written to unexpected system locations.
Credentials
note
No credentials are declared or required. The tool uses DISPLAY and an XAUTHORITY cookie path (defaults to $HOME/.Xauthority) to interact with X11 — this is appropriate for desktop control but the XAUTHORITY cookie is sensitive because possession grants session access. The skill does not exfiltrate that file, but it does rely on it to operate.
Persistence & Privilege
ok
always is false and there is no installation that modifies other skills or system-wide settings. The skill can be invoked autonomously by the agent (platform default); combined with desktop-control capability this increases risk in practice but is expected for such skills.