GUI Automation
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: gui-automation
Version: 1.0.1
The skill provides full desktop control capabilities (mouse, keyboard, screenshots, and application launching) by instructing the user to install and run a local API server (cua-computer-sdk). While the documentation in SKILL.md is transparent and includes security warnings regarding localhost binding and temporary sessions, the capability itself is high-risk as it grants the AI agent RCE-equivalent access to the host's graphical environment. No evidence of intentional malice or exfiltration was found in the provided files, but the reliance on an external dependency for such broad permissions warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local CUA server is running, desktop actions could affect files, apps, browser sessions, or accounts visible in the user session.
This gives the agent high-impact control over the active desktop session, including the ability to interact with applications and capture screen contents.
The server can simulate keyboard, mouse, and take screenshots
Run the server only when needed, keep it bound to localhost, supervise activity, and avoid using it while sensitive apps or accounts are open unless necessary.
Installing the wrong, compromised, or unexpected package version could grant desktop-control privileges to untrusted code.
The skill relies on installing a third-party package that controls the desktop; the instruction is disclosed and user-directed, but the package version is not pinned in the artifact.
pip install cua-computer-sdk
Verify the package source, publisher, and version before installing; prefer a reviewed or pinned version when possible.
A local process will run with the user's normal privileges and can receive commands to automate the desktop.
The skill requires the user to run a local server process; this is central to the purpose and the artifact recommends a localhost-only, temporary setup.
cua-server start --port 8000 --bind 127.0.0.1
Start it manually in the foreground when needed, stop it when finished, and do not expose the port to the network.
If left running in the background, the desktop-control server may remain available longer than intended.
The artifact documents a background-process option, but also says persistent/system service installation is not required and recommends temporary foreground use.
Run in background for current session only
Use foreground mode where possible, record the process ID if backgrounded, and stop the server after the task is complete.
