Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Gui Control
v1.0.0
Control the GUI desktop on this machine using xdotool, scrot, and Firefox. Use when the user asks to open a browser, visit a website, take a screenshot, clic...
by Kunal Sharma @vibes-me
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (GUI control using xdotool, scrot, Firefox) match the provided script and runtime instructions. However, the SKILL.md asserts availability of xdotool/scrot/firefox but the skill metadata does not declare those binaries as requirements—this mismatch is unexpected but not necessarily malicious.
Instruction Scope
Instructions explicitly direct the agent to take screenshots, read them (read_file('/tmp/screen.png')), and send them to the user via the message tool. Those actions are within the declared GUI purpose but carry clear privacy/exfiltration risk because desktop screenshots can contain sensitive information. The SKILL.md also tells the agent to write 'important system info' to MEMORY.md so other channels will know the display—this persists system state into agent memory and can expose information across channels, which is beyond what's needed for simple ephemeral GUI control.
Install Mechanism
No install spec (instruction-only + small helper script). No external downloads or archive extraction. The script is simple and its operations are transparent (firefox, scrot, xdotool, pkill, sleep).
Credentials
The skill declares no required environment variables or credentials, which is consistent with its function. It does, however, insist on using DISPLAY=:1 for all commands—this is reasonable for GUI control but the metadata does not declare this environment dependency explicitly. No other secrets are requested.
Persistence & Privilege
always:false and disable-model-invocation are normal. The concerning part is the explicit guidance to write system/display info to MEMORY.md so other agents/gateways will know about the display. That encourages persistent storage of system state (and possibly sensitive context) outside the ephemeral interaction, increasing cross-channel exposure risk.
What to consider before installing
This skill does what it says: it will open Firefox, simulate keyboard input, take screenshots, and send those screenshots back to the user. Before installing or using it, consider the following:
1) Desktop screenshots can contain sensitive data (passwords, chat windows, private documents). Only run this skill on machines where exposing the screen is acceptable.
2) The SKILL.md tells the agent to persist 'important system info' into MEMORY.md so other channels/agents can see it — remove or disable that behavior if you don't want cross-channel persistence.
3) The skill uses xdotool, scrot, and firefox but does not list them as required in the metadata; ensure those binaries are present and trusted on the host.
4) Test in a controlled environment first (no credentials or private windows visible) and monitor outgoing messages to verify only intended screenshots/data are transmitted.
5) If you need stricter limits, edit the SKILL.md/script to remove automatic read_file/send steps and the MEMORY.md guidance, and require explicit user confirmation before capturing or sending images.
Like a lobster shell, security has layers — review code before you run it.
