Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Screen Vision
v1.1.0AI screen vision and desktop computer control skill for OpenClaw. Let your AI agent see the screen, understand UI elements, and autonomously perform mouse an...
⭐ 0· 110·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md and code clearly require vision API credentials (baseUrl, apiKey, model) and write/read config.json under ~/.openclaw/... or /etc, but the registry metadata declared 'Required env vars: none' and 'Required config paths: none' — this is an explicit metadata mismatch. The skill legitimately needs an API key and local display access for its stated purpose, but the metadata omission is misleading. The skill also requires installation of system packages and may create system services/scripts (sv-start/sv-stop) which is consistent with headless operation but elevates the system footprint beyond a simple instruction-only helper.
Instruction Scope
Runtime instructions and scripts perform full-screen capture, encode and send screenshots (base64) to an external vision API, run an analyze->execute loop which can drive xdotool/cliclick/pyautogui, and save all screenshots to /tmp/screen-vision/logs/. The safety check relies on regex matching of action text/reason produced by the model; because actions are derived from an external LLM/vision model, a malicious or malformed response could bypass intent. The SKILL.md also documents starting a headless XFCE + VNC + noVNC stack which exposes a remote desktop — that expands scope to remote-access surface beyond local automation.
Install Mechanism
Although there is no remote arbitrary binary download, the included install/setup scripts run package manager installs (apt/yum/dnf), pip installs, create files under /usr/local/bin (sv-start/sv-stop), write VNC configuration (~/.vnc) and may configure noVNC/websockify. The setup script sets a default VNC password ('screen123') and runs vncserver with '-localhost no' allowing non-local connections — this is a risky default. The install requires sudo for system packages and writes system-level scripts, so it has substantial install-time impact.
Credentials
The skill legitimately needs a vision API key/baseUrl/model (config.json or env SV_VISION_*). That is proportionate to its purpose. However the skill stores/sources credentials from config.json (~/.openclaw/.../config.json) and environment variables; this was not reflected in registry metadata (declared none). The skill does not request unrelated cloud credentials, but it does create and store screenshots and VNC password files locally which you should consider sensitive.
Persistence & Privilege
The skill does not set always:true, but its installer creates persistent system artifacts: installs packages, writes /usr/local/bin scripts, config files under the user's home and potentially /etc, and can start a VNC/noVNC server that listens on network ports. Those artifacts persist beyond a single invocation and can expose a desktop over the network with a weak default password. Autonomous invocation is allowed by default (disable-model-invocation is false) — combined with network-exposed VNC this increases blast radius.
What to consider before installing
What to consider before installing:
- Metadata mismatch: the skill requires a vision API key (SV_VISION_* or config.json) even though registry metadata listed no env vars; expect to provide and store an API token locally.
- Network exposure: the headless setup creates VNC + noVNC and sets a default VNC password 'screen123' and may run vncserver with '-localhost no', which allows remote access. Do NOT run headless/noVNC on a public server without changing the password and restricting access (firewall, SSH tunnel, or localhost-only proxy).
- Privileged install: the setup scripts call apt/yum/dnf and write /usr/local/bin — you will need sudo and the installer changes system state. Review scripts before running, and prefer installing inside an isolated VM/container if possible.
- Sensitive data handling: screenshots (potentially containing passwords and private information) are saved to /tmp/screen-vision/logs/ and full images are uploaded (base64) to whichever vision API you configure. If you care about privacy, run a local model provider (ollama/local) or avoid sending screenshots to external services.
- Safety checks are heuristic: blocked/confirm rules are regex-based and act on the action text/reason that comes from the model; these can be bypassed by crafted responses. Do not grant this skill uncontrolled autonomous access on sensitive machines.
- Recommendations: inspect and modify install scripts (change VNC password, remove '-localhost no', restrict noVNC binding to localhost or disable noVNC), run in an isolated environment, use a local vision provider if you want to avoid sending screenshots externally, and ensure the API key is stored securely (not world-readable). If you are not comfortable reviewing and hardening these scripts, avoid installing on production or internet-exposed hosts.Like a lobster shell, security has layers — review code before you run it.
latestvk9768x1pk1n385myg7hymv5vyx84st7a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.