Ui Controller
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is advertised as local UI control, but its main JavaScript entry point can run arbitrary shell commands on the gateway computer.
Do not install this unless you intentionally want the OpenClaw agent to have broad local command execution and desktop control on the gateway machine. Ask the publisher to remove the arbitrary shell command path and clearly document, restrict, and confirm any remaining UI automation actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prompt or invocation could run local commands on the gateway machine, potentially reading, changing, or deleting local data depending on the command.
The command is derived directly from the incoming message and passed to child_process.exec without a whitelist, argument validation, or confirmation. This exposes arbitrary shell execution, not just UI automation.
const cmd = context.message.slice(3).trim(); ... exec(cmd, (err, out)=>{err?reject(err):resolve(out)});
Remove the shell exec path or replace it with a strict whitelist that only calls the intended UI actions. Require explicit user confirmation for high-impact desktop or system operations.
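As an added illustration of the recommended fix (not code from the skill or from ClawScan): an allowlisted dispatcher that parses the incoming message into one of a fixed set of UI actions with validated arguments and never hands it to a shell. The `!` prefix, the action names and the `confirmed` flag are assumptions; the dispatcher returns a validated action descriptor and leaves the actual desktop call to the caller.

```javascript
// Added example, not the skill's or ClawScan's code. Replaces the reported
//   const cmd = context.message.slice(3).trim(); exec(cmd, ...)
// pattern with an allowlist: the message is parsed into a fixed UI action
// with validated arguments and is never passed to a shell. The "!" prefix,
// action names and confirmation flag are assumptions for this illustration.

const isInt = s => /^\d{1,5}$/.test(s);
const isKeyName = s => /^[a-z0-9]{1,8}$/.test(s);        // e.g. ctrl, shift, f5
const isPlainText = s => /^[\x20-\x7e]{1,200}$/.test(s); // printable ASCII, single line
const words = s => s.split(/\s+/).filter(Boolean);

// Every permitted action, its argument parser (null = reject) and whether it
// is high-impact (types or sends keys into whatever window is active).
const ACTIONS = {
  click:  { highImpact: false,
            parse: r => { const a = words(r); return a.length === 2 && a.every(isInt) ? a.map(Number) : null; } },
  type:   { highImpact: true,
            parse: r => (isPlainText(r) ? [r] : null) },
  hotkey: { highImpact: true,
            parse: r => { const k = words(r); return k.length >= 1 && k.length <= 4 && k.every(isKeyName) ? k : null; } },
};

// Parse "!click 120 340" into a validated action descriptor, or a rejection.
// High-impact actions are refused unless the caller passes confirmed: true
// (obtained from the user out of band, never from the message text itself).
function dispatch(message, { confirmed = false } = {}) {
  const m = /^!([a-z]+)(?:\s+(.*))?$/.exec(message.trim());
  if (!m) return { ok: false, reason: 'not a command' };
  const [, name, rest = ''] = m;
  // hasOwn, not ACTIONS[name]: "!constructor" must not resolve via the prototype.
  if (!Object.hasOwn(ACTIONS, name)) return { ok: false, reason: `unknown action: ${name}` };
  const spec = ACTIONS[name];
  const args = spec.parse(rest);
  if (args === null) return { ok: false, reason: `invalid arguments for ${name}` };
  if (spec.highImpact && !confirmed) {
    return { ok: false, needsConfirmation: true, reason: `${name} requires confirmation` };
  }
  return { ok: true, action: name, args };
}

console.log(dispatch('!click 120 340'));                      // ok: click [120, 340]
console.log(dispatch('!ls -la'));                             // unknown action, nothing reaches a shell
console.log(dispatch('!type hello'));                         // refused: needs confirmation
console.log(dispatch('!hotkey ctrl s', { confirmed: true })); // ok: hotkey ['ctrl', 's']
```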
A user may install it expecting mouse/keyboard automation while actually granting a much broader local command-running capability.
The public description frames the skill as UI-related desktop control, but the main JavaScript file executes arbitrary shell commands. That under-discloses the actual authority being granted.
- Triggers UI related actions
- Controls local desktop behaviour
Update the documentation and metadata to clearly disclose any command execution, or remove that capability so the implementation matches the stated UI-controller purpose.
Desktop automation can click, type, or press hotkeys in the wrong window if context changes.
These UI actions are purpose-aligned, but they operate on whichever local application is active and can therefore cause unintended edits, submissions, or account actions.
pyautogui.click(x, y) ... pyautogui.write(text, interval=0.02) ... pyautogui.hotkey(*keys)
Use only in a trusted, supervised desktop session and add safeguards such as active-window checks, confirmations, or restricted action presets.
Users have less information about where the code came from and what local dependencies are expected.
For a high-impact local-control skill, the artifacts provide limited provenance and no declared install/dependency setup, while included files reference Python and pyautogui.
Source: unknown ... No install spec — this is an instruction-only skill.
Provide a clear source repository, pin or declare dependencies, and add an OS restriction matching the Windows-only documentation.
