Back to skill
Skillv0.1.0
VirusTotal security
Claw Mouse · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:09 AM
- Hash
- 396baa03e49030314a96ffa370cbef3424443b45cdaa2598d0c7e284a3fdfb2a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-mouse Version: 0.1.0 The 'claw-mouse' skill is classified as suspicious due to its inherent high-risk capabilities, even though they align with its stated purpose of desktop GUI control. The `desktopctl.py` script grants full control over the X11 desktop (mouse, keyboard, screenshots, window management) via `xdotool` and `scrot`. Specifically, the `cmd_open` function allows opening arbitrary URLs via `xdg-open`, `gio`, or `chromium-browser`, which could be abused to navigate to malicious websites or trigger client-side vulnerabilities. Additionally, the `cmd_activate` function passes user-controlled regex to `xdotool search --name`, posing a potential denial-of-service vulnerability against the `xdotool` process. While the `SKILL.md` is transparent about the skill's functionality and includes safety notes, the presence of these powerful and potentially abusable capabilities, without clear constraints, warrants a 'suspicious' classification based on the provided guidelines.
- External report
- View on VirusTotal