ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Allow your claws to do things remotely on a Desktop machine via MCP

v1.0.1

Full remote desktop control of a machine via Remote Claws MCP. Use when asked to: take a screenshot of the remote desktop; click, type, or drag with the mous...

1· 126·0 current·0 all-time
by@wentbackward

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wentbackward/remote-claws.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Allow your claws to do things remotely on a Desktop machine via MCP" (wentbackward/remote-claws) from ClawHub.
Skill page: https://clawhub.ai/wentbackward/remote-claws
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install remote-claws

ClawHub CLI

Package manager switcher

npx clawhub@latest install remote-claws
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description promise full remote-desktop control and the SKILL.md documents desktop, browser, exec, and file tools that exactly match that purpose. There are no unrelated environment variables, binaries, or install steps requested that would be unexpected for a remote-control skill.
Instruction Scope
The instructions tell the agent to take screenshots, click/type, run arbitrary commands, and read/write files on the remote machine — all expected for full remote-control functionality. They do not instruct the agent to read local host secrets or unrelated system files. Note: the skill assumes use of an MCP/SSE-connected remote-claws server and references configuration in openclaw.json (bearer token), which is outside the skill file itself.
Install Mechanism
Instruction-only skill with no install steps and no code files. This is the lowest install risk: nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials in the registry metadata, which is consistent with being an instruction-only skill. However, the SKILL.md states the MCP server requires a bearer token configured in openclaw.json and may use allowlists and per-tool permissions. That configuration is external to the skill and not declared as a required env var — you should verify how and where that token is stored and that it is not leaked.
Persistence & Privilege
always:false and user-invocable:true (default) — the skill will not be forced into every agent run. disable-model-invocation is false, so the agent may call the skill autonomously. Given the high-power nature of remote-control tools (commands, files, screen), you should consider whether autonomous invocation is acceptable in your deployment and enforce per-tool permissions on the MCP server.
Assessment
This skill is coherent: it provides remote-desktop, browser automation, command execution, and file operations as advertised. That also means it is very powerful — if misused it can run commands and read/write files on the remote machine. Before installing: (1) Confirm you trust the Remote Claws MCP server you register (verify the server hostname, repository, and operator). (2) Ensure the bearer token referenced in openclaw.json is stored securely and that you understand which account/permissions it grants. (3) Configure per-tool permissions (permissions.json) and IP/host allowlists on the MCP server to limit what the agent can do. (4) Consider disabling autonomous invocation for this skill or require explicit user consent for actions that run commands or access files. (5) If you cannot verify the remote server and its operator, do not enable this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975xzm3t8zzraw5yqy3dbdnad83ntmk
126downloads
1stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
@wentbackward
latest
Download

Remote Claws — Remote Desktop Control

Controls a remote machine over MCP/SSE. All 39 tools are provided by the remote-claws MCP server registered in openclaw.json.

When to Use This Skill

Use Remote Claws tools whenever you need to interact with the remote desktop machine — taking screenshots, clicking buttons, typing text, running commands, automating a browser, or transferring files. If the user asks you to do something "on the remote machine" or "on Windows," these are your tools.

Strategy

  1. Screenshot first. Before clicking or typing, take a desktop_screenshot to see what's on screen. Use the coordinates from the screenshot to target actions.
  2. Prefer browser tools for web tasks. browser_* tools use CSS selectors and are resolution-independent. Only use desktop_* tools for web tasks if the browser tools can't reach something (e.g. browser dialogs, file pickers).
  3. Prefer element names over coordinates. desktop_click_element and desktop_get_element_text target UI controls by name — more reliable than coordinate clicking, which breaks when windows move.
  4. Exec is async. exec_run starts a command and returns immediately. Use exec_get_output with wait=true if you need to block until it finishes.
  5. Re-screenshot after actions. Windows may move, dialogs may appear. Take a fresh screenshot to verify the result before proceeding.

Tool Groups

Desktop (mouse, keyboard, screenshots)

  • desktop_screenshot — capture full screen or region [x, y, width, height]
  • desktop_mouse_click — left/right/middle click at x, y
  • desktop_mouse_move — move cursor to x, y
  • desktop_mouse_drag — drag from start to end coordinates
  • desktop_type_text — type ASCII text at current focus (ASCII only)
  • desktop_press_key — press key or combo: "enter", "ctrl+c", "alt+f4"
  • desktop_scroll — scroll at x,y; direction "up" or "down"
  • desktop_find_window — find windows by title or class_name substring
  • desktop_focus_window — bring window to foreground by title
  • desktop_list_elements — list UI controls (buttons, fields) inside a window
  • desktop_click_element — click a named UI element (more reliable than coords)
  • desktop_get_element_text — read the value of a named UI element

Browser (Chromium via Playwright — CSS selectors)

  • browser_navigate — go to a URL
  • browser_click — click element by CSS selector
  • browser_fill — set input value (handles Unicode, triggers change events)
  • browser_type — type keystroke-by-keystroke (appends, does not clear)
  • browser_press_key — key press e.g. "Enter", "Control+a"
  • browser_get_text — extract visible text from element (default: body)
  • browser_get_html — get HTML markup of element
  • browser_eval_js — run JavaScript in page context
  • browser_screenshot — screenshot page or element
  • browser_wait_for — wait for element state: visible/hidden/attached/detached
  • browser_select_option — select a dropdown option by value or label
  • browser_go_back / browser_go_forward
  • browser_tabs_list / browser_tab_new / browser_tab_close

Exec (run commands, async)

  • exec_run — start command; returns process_id immediately
  • exec_get_output — read stdout/stderr; set wait=true to block
  • exec_send_input — send a line to stdin of a running process
  • exec_kill — terminate a process
  • exec_list — list all tracked processes

Files (base64 encoded)

  • file_write — write base64 content to a path
  • file_read — read file as base64 (use offset/limit for large files)
  • file_list — list directory; supports glob patterns, recursive
  • file_delete — delete file or empty directory
  • file_move — move or rename file/directory
  • file_info — get size, created, modified timestamps

Authentication & Security

The remote-claws MCP server requires a bearer token, configured in openclaw.json when registering the server. The server will reject unauthenticated connections with 401.

The server also supports IP allowlisting (allowed_ips), host header validation (allowed_hosts), and per-tool permission policies (permissions.json) to restrict which tools are available. See the setup guide and README for configuration details.

Important Notes

  • Screenshots are JPEG, max 1280x960. Coordinates are absolute pixels.
  • desktop_type_text is ASCII only. For Unicode, use browser_fill or clipboard: exec_run powershell Set-Clipboard, then desktop_press_key ctrl+v.
  • File content is base64 encoded. Decode after reading.
  • The browser launches on first use and stays open across calls. Sessions persist (cookies, local storage).

Comments

Loading comments...