ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

application-use

v1.0.0

Automate macOS tasks by opening apps, clicking elements, filling forms, typing, scrolling, and controlling the desktop via CLI commands.

0· 91·0 current·0 all-time
byWei Qiang@qdore

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qdore/application-use.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "application-use" (qdore/application-use) from ClawHub.
Skill page: https://clawhub.ai/qdore/application-use
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install application-use

ClawHub CLI

Package manager switcher

npx clawhub@latest install application-use
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (macOS desktop automation) matches the SKILL.md usage (open/click/fill/scroll), but the registry metadata lists no required binaries while the SKILL.md explicitly instructs installing and running an 'application-use' npm CLI. The allowed-tools entry also references Bash(./application-use:*), which implies a local binary; these mismatches (no required binary declared, no install spec in registry, but an npm install command in the README) are inconsistent and worth verifying.
!
Instruction Scope
Instructions tell the agent to take snapshots/screenshots and interact with UI elements — behavior that can capture sensitive screen content (passwords, personal data) and control the desktop via accessibility APIs. The SKILL.md does not constrain what to capture or warn about sensitive content, and it includes examples that access user file paths. While these actions are coherent with desktop automation, they expand the agent's ability to observe and manipulate local sensitive state and should be treated as high-risk.
!
Install Mechanism
No install spec was provided in the registry metadata, but the SKILL.md tells users to run 'npm i -g application-use' (a global npm install). Installing an unknown npm package globally is a moderate-to-high risk because it executes third-party code with system-level accessibility privileges on macOS. There is no homepage or source URL in the registry metadata to verify package provenance.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, macOS desktop automation typically requires granting Accessibility / Automation permissions to the installed binary; granting those permissions gives the tool broad control of the desktop. The SKILL.md does not document that requirement or recommend permission scoping.
Persistence & Privilege
The skill is not always-enabled and doesn't request to modify other skills or global agent settings (good). Still, the runtime behavior (a CLI that drives the GUI) implies it will require OS-level accessibility privileges once installed — this is powerful and should be considered when granting permissions.
What to consider before installing
This skill's purpose (macOS automation) is plausible, but there are red flags you should address before installing: - Verify provenance: the registry provides no homepage/source. Search npm for 'application-use', inspect the package author, recent versions, and read the package source before installing. Prefer installing only from trusted, audited packages. - Avoid blind global installs: 'npm i -g' installs a binary system-wide. If you test, do so in a disposable account or VM and avoid granting Accessibility permissions to unknown binaries. - Accessibility and screenshots are powerful: the tool will likely require macOS Accessibility/Automation permissions and can capture screenshots/snapshots that may include passwords or private data. Only grant such permissions if you trust and have inspected the code. - Confirm CLI location/usage mismatch: the SKILL.md references both a global npm package and a local './application-use' binary. Ask the skill author which binary is required and why no required-binaries or install spec exists in the registry metadata. - If you cannot validate the package source or review its code, decline installation or request a vetted alternative. If you proceed, limit exposure (use a test account, sandbox, or VM) and monitor for unexpected network or system activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sk1s2kfzqysrgagsqbc46183vspj
91downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Wei Qiang@qdore
latest
Download

macOS Desktop Automation (application-use)

A CLI to automate macOS applications.

install

npm i -g application-use

🚀 Core Workflow

  1. Open: application-use open --appName "<Name>" -- Auto-shows initial snapshot.
  2. Interact: Use hints (e.g., [A]) to click, type, or scroll.
  3. Auto-Update: Commands (open, click, type, sendkey, scroll) automatically display an updated snapshot.

[!TIP] Use application-use snapshot only when you need a fresh view without any action (e.g., after waiting for dynamic content).

🛠 Command Reference

CommandUsageDescription
openopen --appName "Safari"Opens app and shows snapshot.
clickclick A [--right] [--double]Clicks element by hint letter.
fillfill A "text" or fill "text"Fills text into hint or focused element.
sendkeysendkey enter, sendkey cmd+vSends single or shortcut keys.
scrollscroll "Main" down [500]Scrolls area by name/hint.
screenshotscreenshot [path] [--frame]Captures window or specific coordinates.
searchsearch "Safari"Finds installed application names.
closeclose --appName "Safari"Quits the specified application.
typetype "text"Types text into the focused element.

🏷 Hint System

  • Elements: [A], [B], [AA]... (Interactive elements).
  • Areas: [a], [b]... (Targets for scrolling).
  • Special Marks: (*) = OCR-detected; (+) = Newly added since last snapshot.

⚡️ Common Automation Patterns

Form Filling & Submission & scroll

application-use open --appName "Safari"
application-use fill A "user@example.com"    # Fill email
application-use sendkey tab                   # Next field
application-use fill "password"               # Focus-fill password
application-use sendkey enter                 # Submit
application-use scroll d down 1000            # Scroll down area d

Browser Navigation

application-use open --appName "Safari"
application-use fill A "https://google.com" && application-use sendkey enter
# Wait for load, then interact with hints from auto-snapshot

File Operations (Finder)

application-use open --appName "Finder"
application-use sendkey cmd+shift+g           # Go to Folder
application-use fill "/Users/name/Downloads" && application-use sendkey enter

# Open in New Tab via right-click
application-use click A --right               # Right-click folder/file (hint A)
application-use click B                       # Click "Open in New Tab" from menu (hint B)

Comments

Loading comments...