WinControl

v1.5.0

Provides an HTTP API on Windows to capture on-demand screenshots and remotely control mouse and keyboard actions via POST requests on port 8767.

⭐ 0· 133·0 current·0 all-time

by@qqshi13

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qqshi13/wincontrol.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "WinControl" (qqshi13/wincontrol) from ClawHub.
Skill page: https://clawhub.ai/qqshi13/wincontrol
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wincontrol

ClawHub CLI

Package manager switcher

npx clawhub@latest install wincontrol

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description align with the included code: server.py implements screenshot capture and mouse/keyboard control and SKILL.md documents how to run it. Required runtime packages (pywin32, pillow, mss) are appropriate for the functionality. Small inconsistencies in packaging metadata exist (registry lists v1.5.0, _meta.json shows v1.4.1, skill.json shows v1.1.0 and a different license/homepage) which reduce trust in provenance but do not contradict the stated purpose.

Instruction Scope

SKILL.md instructs the user to run a long‑running HTTP server on port 8767 that accepts POSTs to perform desktop actions and to write screenshot.jpg into the skill folder. The instructions do not request unrelated files or credentials, but they create an unauthenticated local API that can perform privileged actions (mouse/keyboard, screenshots). An unauthenticated local HTTP control surface is a significant security exposure if the port becomes reachable from other hosts or if other processes or misconfigurations forward the port. The instructions also recommend running from WSL/PowerShell and include start/stop scripts that operate on local files; no direct external exfiltration endpoints are present in the provided code.

✓

Install Mechanism

This is instruction-only (no package installer). Dependencies are standard PyPI packages (pywin32, pillow, mss) installed via pip per SKILL.md — expected for this functionality. No downloads from untrusted URLs, no archive extraction, and the included start/stop scripts are simple wrappers.

✓

Credentials

The skill requests no environment variables, no credentials, and does not reference external config paths beyond its own skill folder and /tmp for WSL. That is proportionate to its purpose. The lack of authentication is a design choice (not an environment/credential mismatch) but increases operational risk.

ℹ

Persistence & Privilege

The skill is not flagged always:true and does not modify other skills. It writes a screenshot file into its own directory and cleans it up on exit — behavior described in SKILL.md and implemented in server.py. Note that the platform default allows the agent to invoke skills autonomously; combined with this skill's control surface, that increases blast radius if the agent or other skills are compromised.

What to consider before installing

What to consider before installing/running WinControl: - Function & risk: This skill runs a local HTTP server (port 8767) that can take screenshots and fully control your mouse and keyboard. That capability is powerful and dangerous if the API is reachable by untrusted code or remote hosts. - Authentication: There is no built-in authentication or access control. Only run this if you understand and control the machine and network (or add your own authentication/restrict binding to localhost and firewall rules). - Provenance concerns: Packaging metadata is inconsistent (multiple different versions and licenses in skill.json, _meta.json, and changelog). The registry entry listed no homepage/source but skill.json references a GitHub URL — that mismatch reduces trust. Prefer skills with clear, consistent provenance and a verified upstream repository. - How to reduce risk: Run in a sandbox or disposable VM, restrict network access (block external access to port 8767), bind the server explicitly to localhost only, add an authentication layer (reverse proxy with basic auth or token), and review the full server.py source yourself. If you must run on your workstation, avoid running when remote access or port forwarding is possible. - Testing: Inspect server.py for any network calls or unexpected file access (we saw only local file operations and Win32 API calls). Start the server in an isolated environment first and watch for unexpected behavior. - When not to install: Do not run this on a production machine, multi-user server, or any machine exposed to untrusted networks without adding strong access controls. If you want, I can (a) list the exact lines in server.py that implement the HTTP handlers and cleanup so you can audit them, or (b) suggest a minimal wrapper that binds to 127.0.0.1 and requires a bearer token to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk975j294nsy94qvwja1eq1k9k984pa5a

133downloads

0stars

8versions

Updated 2w ago

v1.5.0

MIT-0

WinControl Skill

AI remote control for Windows desktop. Captures screen on-demand via POST request and provides an HTTP API for mouse/keyboard actions.

What It Does

On-Demand Capture: POST to /capture to save screenshot, returns file path
Action API: Control mouse and keyboard via HTTP endpoints on port 8767
Auto-Cleanup: Deletes screenshot on server shutdown (Ctrl+C)
Cross-Platform: Works on native Windows or WSL
Self-Contained: Single screenshot.jpg saved in skill folder, overwritten each time, auto-deleted on exit

Quick Start

Option 1: Native Windows (Recommended)

Run directly on Windows without WSL:

# Install dependencies (one-time)
pip install pywin32 pillow mss

# Start the server
cd %USERPROFILE%\.openclaw\workspace\skills\wincontrol
python server.py

Or use the provided batch file:

.\start.bat

Screenshots are saved as screenshot.jpg in the skill directory and auto-deleted when the server stops.

Option 2: WSL Integration

If you prefer WSL, the server runs on Windows Python but can be controlled from WSL:

# From WSL
cd ~/.openclaw/workspace/skills/wincontrol
./start.sh

Or start manually with PowerShell 7:

'/mnt/c/Program Files/PowerShell/7/pwsh.exe' -Command \
  "python //wsl.localhost/Ubuntu/home/\$USER/.openclaw/workspace/skills/wincontrol/server.py" &

Verify Installation

# Health check
curl http://localhost:8767/ping
# Output: {"ok": true}

# Capture a screenshot
curl -X POST http://localhost:8767/capture
# Output: {"ok": true, "path": ".../screenshot.jpg"}

Native Windows: Open screenshot.jpg in the skill directory

WSL: Access via the skill folder path

File Structure

skills/wincontrol/
├── SKILL.md            # This file
├── server.py           # Main server (runs on Windows)
├── start.bat           # Start script (Native Windows)
├── start.sh            # Start script (WSL)
├── stop.sh             # Stop script (WSL)
└── screenshot.jpg      # Latest screenshot (auto-created, auto-cleaned)

API Reference

Capture Screen

curl -X POST http://localhost:8767/capture

Returns: {"ok": true, "path": ".../screenshot.jpg"}

Each capture overwrites screenshot.jpg in the skill directory. The file is automatically deleted when the server stops.

Mouse Actions

# Move cursor (no click)
curl -X POST http://localhost:8767/move -d '{"x": 500, "y": 300}'

# Click
curl -X POST http://localhost:8767/click -d '{"x": 500, "y": 300}'

# Drag
curl -X POST http://localhost:8767/drag -d '{"x1": 100, "y1": 200, "x2": 300, "y2": 400}'

# Scroll
curl -X POST http://localhost:8767/scroll -d '{"x": 500, "y": 300, "direction": "down", "amount": 3}'

Keyboard Input

# Type text
curl -X POST http://localhost:8767/enter -d '{"keys": ["Hello World"]}'

# Press special key
curl -X POST http://localhost:8767/enter -d '{"keys": ["Enter"]}'

# Key combination (Ctrl+C)
curl -X POST http://localhost:8767/enter -d '{"keys": ["Ctrl", "C"]}'

# Mixed sequence: type, press key, then combo
curl -X POST http://localhost:8767/enter -d '{"keys": ["Hello", "Enter", "Ctrl", "A"]}'

The /enter endpoint accepts a list of keys and handles them sequentially:

Text strings → Typed as-is
Special keys → Pressed once (Enter, Escape, Tab, etc.)
Modifier + key → Treated as combination (Ctrl+C, Alt+Tab, etc.)

Special Keys Reference

Single keys:

Enter, Return, Escape, Esc
Backspace, Tab, Space
Delete, Del
Up, Down, Left, Right
Home, End, PageUp, PageDown
F1 through F12

Modifiers (combine with other keys):

Ctrl, Control
Alt
Shift
Win, Windows

Common Workflows

Capture and View (Native Windows)

# Using PowerShell
$response = Invoke-RestMethod -Uri "http://localhost:8767/capture" -Method Post
Start-Process $response.path

Capture and View (WSL)

FILE=$(curl -s -X POST http://localhost:8767/capture | python3 -c "import sys,json; print(json.load(sys.stdin)['path'])")
read "$FILE"

Click and Verify

# Click somewhere
curl -X POST http://localhost:8767/click -d '{"x": 500, "y": 300}'
sleep 0.5

# Capture to see result
curl -X POST http://localhost:8767/capture

Open Notepad and Type

# Win+R to open Run
curl -X POST http://localhost:8767/enter -d '{"keys": ["Win", "R"]}'
sleep 0.5

# Type notepad and press Enter
curl -X POST http://localhost:8767/enter -d '{"keys": ["notepad", "Enter"]}'
sleep 1

# Type message
curl -X POST http://localhost:8767/enter -d '{"keys": ["Hello from WinControl!"]}'

Installation

Native Windows

Install Python 3 from python.org
Install dependencies:
```
pip install pywin32 pillow mss
```
Clone/download the skill to ~/.openclaw/workspace/skills/wincontrol/
Start the server:
```
python server.py
```

WSL2 (Legacy)

See WSL2 Configuration section below.

Frame Management

Capture: On-demand via POST /capture
Quality: 90% JPEG for clear text/UI
File: screenshot.jpg in skill directory
Behavior: Overwritten on each capture
Auto-cleanup: Deleted when server stops (Ctrl+C)

To change quality, edit server.py:

QUALITY = 90      # 1-100

Stopping the Server

The server automatically cleans up the screenshot when stopped.

Native Windows

Press Ctrl+C in the PowerShell window, or:

# Find and stop the process
Get-Process python | Where-Object {$_.CommandLine -like '*wincontrol*'} | Stop-Process

WSL

./stop.sh

Or manually:

# Kill Python process on Windows using PowerShell 7
'/mnt/c/Program Files/PowerShell/7/pwsh.exe' -Command \
  "Get-Process python -ErrorAction SilentlyContinue | Where-Object {\$_.CommandLine -like '*wincontrol*'} | Stop-Process -Force"

Troubleshooting

Native Windows

Issue: pip install pywin32 fails

Try: pip install pywin32 --upgrade --force-reinstall
Or download from GitHub releases

Issue: Port 8767 already in use

Find the process: netstat -ano | findstr :8767
Kill it: taskkill /PID <PID> /F

Issue: Cannot access from WSL

Ensure Windows Firewall allows Python through
Try disabling Windows Defender Firewall temporarily for testing

WSL2

Prerequisites

WSL2 with Ubuntu (or your preferred distro)
Python 3 on Windows side
Dependencies: pywin32, pillow, mss (auto-installed)

Path Configuration

Screenshots are saved as screenshot.jpg in the skill folder, accessible from both Windows and WSL.

Troubleshooting

Issue: Server starts but curl fails

Check if port 8767 is in use: lsof -i :8767
Kill existing process: kill <PID>

Issue: Python module errors

Manually install deps on Windows:

'/mnt/c/Program Files/PowerShell/7/pwsh.exe' -Command "pip install pywin32 pillow mss"

How It Works

┌─────────────┐     ┌──────────────┐     ┌────────────────┐
│  Client     │────▶│   server.py  │────▶│  screenshot.jpg│
│  (curl/ps)  │     │  (localhost) │     │  (skill dir)   │
└─────────────┘     └──────────────┘     └────────────────┘
                            │
                     ┌─────┴─────┐
                     │  Port     │
                     │  8767     │
                     └───────────┘

The server runs on Windows Python. Screenshots are saved as screenshot.jpg in the skill directory and automatically deleted when the server stops (Ctrl+C).

Python Client Example

import requests
import time

API = "http://localhost:8767"

def capture():
    """Capture screen and return file path"""
    r = requests.post(f"{API}/capture")
    return r.json().get("path")

def click(x, y):
    requests.post(f"{API}/click", json={"x": x, "y": y})

def enter(keys):
    requests.post(f"{API}/enter", json={"keys": keys})

# Example workflow
if __name__ == "__main__":
    # Type text, press Enter, then select all
    enter(["Hello World", "Enter", "Ctrl", "A"])
    time.sleep(0.5)
    
    # Capture result
    screenshot_path = capture()
    print(f"Screenshot saved to: {screenshot_path}")

Security Notes

Server binds to localhost only (not accessible from network)
No authentication - anyone with local access can control your desktop
Screenshot is auto-deleted when server stops
Screenshot saved as single screenshot.jpg in skill folder, not system directories
Be careful running this on shared machines

Integration with OpenClaw

Native Windows

// Capture and view
const result = await exec("curl -s -X POST http://localhost:8767/capture");
const data = JSON.parse(result.stdout);
// Path will be Windows format: C:\Users\...
await read(data.path);  // OpenClaw handles Windows paths

WSL

// Capture and view
const result = await exec("curl -s -X POST http://localhost:8767/capture");
const data = JSON.parse(result.stdout);
await read(data.path);  // Path: /mnt/c/Users/...

// Or take action then capture
await exec("curl -X POST http://localhost:8767/click -d '{\"x\":500,\"y\":300}'");
await exec("sleep 0.5");
const screenshot = await exec("curl -s -X POST http://localhost:8767/capture");

License

MIT-0

Comments

Loading comments...