ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Allow your claws to do things remotely on a Desktop machine via MCP

v1.0.1

Full remote desktop control of a machine via Remote Claws MCP. Use when asked to: take a screenshot of the remote desktop; click, type, or drag with the mous...

1· 98·0 current·0 all-time
by@wentbackward
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description promise full remote-desktop control and the SKILL.md documents desktop, browser, exec, and file tools that exactly match that purpose. There are no unrelated environment variables, binaries, or install steps requested that would be unexpected for a remote-control skill.
Instruction Scope
The instructions tell the agent to take screenshots, click/type, run arbitrary commands, and read/write files on the remote machine — all expected for full remote-control functionality. They do not instruct the agent to read local host secrets or unrelated system files. Note: the skill assumes use of an MCP/SSE-connected remote-claws server and references configuration in openclaw.json (bearer token), which is outside the skill file itself.
Install Mechanism
Instruction-only skill with no install steps and no code files. This is the lowest install risk: nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials in the registry metadata, which is consistent with being an instruction-only skill. However, the SKILL.md states the MCP server requires a bearer token configured in openclaw.json and may use allowlists and per-tool permissions. That configuration is external to the skill and not declared as a required env var — you should verify how and where that token is stored and that it is not leaked.
Persistence & Privilege
always:false and user-invocable:true (default) — the skill will not be forced into every agent run. disable-model-invocation is false, so the agent may call the skill autonomously. Given the high-power nature of remote-control tools (commands, files, screen), you should consider whether autonomous invocation is acceptable in your deployment and enforce per-tool permissions on the MCP server.
Assessment
This skill is coherent: it provides remote-desktop, browser automation, command execution, and file operations as advertised. That also means it is very powerful — if misused it can run commands and read/write files on the remote machine. Before installing: (1) Confirm you trust the Remote Claws MCP server you register (verify the server hostname, repository, and operator). (2) Ensure the bearer token referenced in openclaw.json is stored securely and that you understand which account/permissions it grants. (3) Configure per-tool permissions (permissions.json) and IP/host allowlists on the MCP server to limit what the agent can do. (4) Consider disabling autonomous invocation for this skill or require explicit user consent for actions that run commands or access files. (5) If you cannot verify the remote server and its operator, do not enable this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975xzm3t8zzraw5yqy3dbdnad83ntmk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments