Skill v1.0.0

ClawScan security

Desktop Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 5:05 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The instructions and requirements are internally consistent with the stated purpose (controlling a desktop via a local CUA server), but the skill delegates work to a third‑party server you must install and run locally — that server grants persistent, high‑privilege access to your desktop and should be audited before installation or network exposure.
Guidance
This skill is coherent: it expects you to install a separate CUA server that will actually control your desktop. Before installing or enabling it: (1) inspect the cua-computer-sdk and cua-computer-server source (PyPI package and GitHub repo) for malicious code; (2) avoid binding the server to 0.0.0.0 or exposing it to networks unless you enforce authentication and firewall rules; (3) prefer running the server in an isolated VM or disposable environment, not on your primary machine; (4) only grant the minimum OS permissions required (be cautious about adding to input group or using sudo); and (5) if you must run as a persistent service, configure strong auth tokens and network restrictions. If you cannot audit the third‑party package, treat this as high risk and avoid installing it on sensitive systems.

Review Dimensions

Purpose & Capability
Status: ok
The name/description promise (control the desktop via a CUA server on port 8000) matches the SKILL.md: it documents installing/running a local cua-server and shows curl calls to /cmd and /status. No unrelated credentials, binaries, or config paths are requested in the registry metadata.
Instruction Scope
Status: note
The SKILL.md instructs the user to install and run a local server, create systemd/launchd/Task Scheduler entries, and use curl to send commands (screenshot, click, etc.). These instructions are within scope for desktop control but they also require system/service changes (adding user to input group, setting XAUTHORITY, creating services) and enable remote command execution via the server API — which is expected for the stated purpose but is a sensitive capability.
Install Mechanism
Status: note
The registry contains no install spec (instruction-only), but the document tells users to pip install 'cua-computer-sdk' or git clone 'github.com/trycua/cua-computer-server'. Installing third-party PyPI packages or running code from GitHub is normal here but introduces supply-chain risk; the skill itself does not supply vetted binaries.
Credentials
Status: ok
The skill requests no environment variables or credentials in the registry. The SKILL.md references DISPLAY, XAUTHORITY, and $USER, which are necessary for desktop control. It recommends using an --auth-token if the server is exposed — sensible and proportional.
Persistence & Privilege
Status: concern
The guide explicitly shows how to install the server as a persistent system service (systemd/launchd/Task Scheduler) and to run it with restart policies. That grants long-lived background access to the desktop. The skill metadata does not request this privilege, but the instructions enable persistent elevated capability on the host and thus raise security concerns if misused or exposed to a network.