v1.0.8

TuriX Computer Use

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

This skill openly provides an autonomous macOS desktop-control agent, but it requires broad screen-recording/accessibility permissions and runs external TuriX code, so users should review and tightly limit it before installing.

GuidanceInstall only if you intentionally want an agent that can see and control your macOS desktop. Use a dedicated account or environment, verify the external TuriX repository before granting permissions, monitor runs closely, require confirmation for sensitive actions, and revoke Screen Recording/Accessibility permissions when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

For multi-step visual workflows (e.g., "Find the latest invoice in my email and upload it to the company portal").

The skill is intended to operate arbitrary desktop and web UIs, including workflows involving email and business portals, without clearly documented confirmation gates for sensitive changes or uploads.

User impactIf invoked on a broad task, the agent could click through signed-in apps or websites and perform account, business, or data-transfer actions on the user's behalf.

RecommendationUse only for narrowly specified tasks, monitor the run, and require explicit user confirmation before uploads, purchases, account changes, deletions, or other high-impact actions.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

README.md

Set up TuriX following the official repository: `https://github.com/TurixAI/TuriX-CUA` ... `pip install -r requirements.txt`

The skill depends on separately obtained external code and dependencies rather than a supplied, pinned install specification, and that external project is what the helper script is designed to run.

User impactThe actual behavior depends on the external TuriX repository and its installed dependencies, which are not fully represented by the provided skill artifacts.

RecommendationVerify the external repository, pin a trusted commit/version, review its requirements and code before granting macOS permissions, and prefer a reproducible install spec.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

The agent can resume interrupted tasks by setting a stable `agent_id` ... Background output is buffered - you won't see live progress until task completes or stops

Resume and buffered background execution are disclosed, but they mean the user may have less live visibility into an autonomous desktop-control process.

User impactA task may continue acting until completion or manual stop, and resumed tasks may carry prior context forward.

RecommendationUse the documented force-stop hotkey, check for running TuriX processes after use, and avoid resuming tasks unless the prior context is understood.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

README.md

Screen Recording: ... Add Terminal, VS Code ... Add `/your_install_dir/bin/node` ... Accessibility: ... Add Terminal, VS Code, Node, and `/usr/bin/python3`.

The setup asks the user to grant system-level screen observation and UI-control permissions to broad developer/runtime processes, which can expose or act through existing local sessions.

User impactThe granted processes may be able to view the desktop and control apps that are already logged in to personal, work, or financial accounts.

RecommendationGrant the minimum required permissions, prefer a dedicated low-privilege macOS user/profile, revoke permissions after use, and avoid running it around sensitive open applications.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

Memory: Maintains context across task steps ... Logs are saved to `.turix_tmp/logging.log` ... LLM interactions and reasoning

The skill discloses local memory and logging of agent activity, which is expected for this kind of automation but may retain sensitive task context.

User impactTask details, reasoning, or information observed during desktop workflows may remain in local logs or memory-related state.

RecommendationInspect and clear `.turix_tmp/logging.log` and related state after sensitive tasks, and avoid using the agent with confidential screens unless that retention is acceptable.