Clawd Cursor 0.6.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a disclosed desktop-control skill, but it asks the agent to run external Node code and start a hidden background controller with broad access to the user's screen and apps.
Install only if you are comfortable giving a local agent broad ability to see and operate your desktop. Before use, inspect and pin the external GitHub/npm code, start the controller only with explicit consent, verify how to stop it, and prefer local processing or non-sensitive screens for private work.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can see and operate applications on the user's desktop during tasks.
This shows the skill intentionally grants broad GUI control and screen visibility. That is aligned with its purpose, but it is powerful enough to affect accounts, settings, messages, or transactions if used carelessly.
You **CAN** open apps, click buttons, type text, fill forms ... You **CAN** see what's on screen ... interact with applications — browser, desktop apps, settings
Use only for explicitly requested desktop tasks, monitor the session, and require confirmation before messaging, financial, admin, account, or settings changes.
A desktop automation controller may be started invisibly and continue operating during the session without a fresh user approval at startup.
The skill instructs the agent to launch the desktop-control server without asking and to hide the process window, while tasks can continue in the background.
If connection refused — **start it yourself** (don't ask the user): ... Start-Process -FilePath "node" ... -WindowStyle Hidden ... The task runs in the background.
Require explicit user approval before starting the service, run it visibly where possible, and provide or verify a clear stop command before use.
Installing the skill can execute external code on the user's machine with the same local access needed for desktop automation.
The install path fetches, builds, and runs external Node/npm code rather than code included in the submitted skill artifacts. No pinned commit or reviewed lockfile is shown in the provided artifacts.
install: - git clone https://github.com/AmrDab/clawd-cursor.git - cd clawd-cursor && npm install && npm run build - cd clawd-cursor && npx clawd-cursor doctor - cd clawd-cursor && npm start
Inspect the GitHub repository first, pin to a trusted commit or release, review npm dependencies/lockfiles, and consider running it in a restricted test environment.
The configured AI provider/API key may be used when the desktop agent processes tasks.
Using the active provider credential is expected for an AI desktop agent, but the user should recognize that the provider key may be used for screen-analysis tasks and possible usage charges.
In OpenClaw, this skill inherits the active agent's AI provider + API key.
Use a trusted provider configuration, prefer a limited-use key where available, and use local Ollama mode if you do not want cloud API use.
Private information visible on screen could be sent to the selected AI provider during automation.
The artifacts disclose that on-screen content can cross a provider boundary when a cloud model is used. This is purpose-aligned, but screenshots/text may contain sensitive data.
If using a cloud provider (Anthropic, OpenAI, Kimi), screenshots/text are sent to that provider's API only ... The user controls which provider is used.
Use local mode for sensitive work, close or hide private apps before tasks, and confirm which provider is configured.