Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawd Cursor 0.6.0

v1.0.0

AI desktop agent — control any app on Windows/macOS from your OpenClaw agent. Send natural language tasks to the Clawd Cursor API and it handles everything:...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name/description (desktop UI automation) aligns with the SKILL.md runtime instructions (clone repo, build, run a local REST API that controls the desktop). However, the registry metadata lists no required binaries or env vars while SKILL.md's install steps require git, npm/node, and npx: an undeclared dependency mismatch. These requirements should have been declared in the metadata.
! Instruction Scope
Instructions direct the agent to clone, build, and start a local Node-based server bound to 127.0.0.1 and to control screenshots and GUI actions. Two notable scope issues: (1) the SKILL.md explicitly tells the agent to start the server itself if the connection is refused, with the instruction 'don't ask the user' when starting it, which grants the agent autonomy to run background processes without explicit user confirmation; (2) the skill will take screenshots and (depending on the configured AI provider) send them to that provider's API. SKILL.md states this, but it is sensitive behavior, and the instructions give the agent operational latitude that could expose private data.
Install Mechanism
Install steps clone a GitHub repository and run npm install/build/start. GitHub is a reasonable source, but npm install pulls third-party packages which is moderate risk because it executes remote code during build/run. No obscure download URLs are used, but the install process is still substantial (writing to disk, installing dependencies, running a server).
! Credentials
The skill declares no required environment variables, yet notes that in OpenClaw it inherits the active agent's AI provider and API key. In effect the skill will use the agent's model API credentials to process screenshots/text. That credential use is plausible for the stated purpose, but it is not declared up-front in required env fields and it grants the skill the ability to send potentially sensitive screenshots to a cloud provider (unless the user selects a local provider like Ollama).
! Persistence & Privilege
The skill does not set always: true (good), but it instructs the agent to start and keep a local background server (npm start / node dist/index.js) and to operate it without asking the user in some cases. Running a persistent local server that can capture the screen and perform UI actions increases blast radius; starting it without an explicit user prompt is a notable privilege escalation compared with a purely ephemeral tool.
What to consider before installing
This skill looks like a legitimate desktop automation agent, but review the following before installing:
- Undeclared requirements: SKILL.md requires git, node/npm, and npx but the registry metadata did not list these; installation will clone a GitHub repo and run npm install/build/start (which downloads and executes third-party packages).
- Credential usage: the skill inherits your agent's AI provider/API key and will send screenshots/text to that provider if you select a cloud model. If you want to avoid cloud data leakage, use a local provider (Ollama) or withhold the API key.
- Autonomy and persistence: the agent is instructed to start a background server (127.0.0.1:3847) and told to do so without asking the user in some cases — that gives the skill a persistent foothold that can capture screen contents and automate UI actions.

Recommended precautions: inspect the referenced GitHub repository (https://github.com/AmrDab/clawd-cursor) before running; run the software in a sandbox or VM first; prefer a local model provider (Ollama) if you must use it; and only enable this skill for users who explicitly consent to screen capture and background services. If you are uncomfortable with npm install / running a background server or with cloud-based screenshot processing, do not install.

Like a lobster shell, security has layers — review code before you run it.
