Skill v1.0.0
ClawScan security
BilldDesk Remote Desktop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 4:54 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally consistent with a remote-desktop helper, but it directs users to download and run third-party binaries and container images without providing verification details; treat as potentially risky until you verify sources.
- Guidance: This skill is coherent for setting up a remote-desktop tool, but before running anything do the following: (1) Verify that the GitHub repo and release artifacts (source code, release tags, commit history) match the binaries on desk.hsslive.cn, and check signatures/checksums if available. (2) Avoid piping remote scripts directly into sh unless you trust the source; prefer package manager instructions or inspect the script first. (3) Confirm the Docker image origin (registry and image publisher) before docker pull/run, or build from the official source. (4) If you must use it on sensitive hosts, prefer private deployment and Tailscale as suggested, use strong, unique passwords, and restrict access. (5) If you cannot verify the upstream project or maintainers, do not install the client on critical machines.
Review Dimensions
- Purpose & Capability (ok): Name/description (remote desktop via WebRTC) match the SKILL.md content: download client, register, add devices, optional private relay/Docker deployment and Tailscale guidance. No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope (note): Instructions stick to remote-desktop setup, Tailscale integration, and Docker deployment. However, they explicitly tell users to download/install software from desk.hsslive.cn and to run system install commands (e.g., curl | sh for Tailscale) and a docker run of 'billd-desk-server:latest' without providing checksums, registry origin, or verification steps; these are legitimate steps for deployment but increase risk if sources are untrusted.
- Install Mechanism (note): There is no install spec embedded in the skill (instruction-only), which is lower platform risk. But runtime instructions recommend installing third-party binaries from desk.hsslive.cn and pulling/running a Docker image name that lacks an explicit registry/source; these are potentially dangerous if the remote artifacts are malicious or replaced.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. It does not ask the agent for unrelated secrets. The only operational actions are to obtain and run external client/server binaries and optionally register an account on the service, which is proportionate for a remote-desktop tool.
- Persistence & Privilege (ok): Skill flags are default (not always: true). It does not request permanent presence or attempt to modify other skills or global agent settings. The SKILL.md mentions 'online update' and 'autostart' as product features (not skill installation behavior), which are expected for remote-control software but should be considered when deploying on sensitive systems.
