ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Computer Use Linux

v0.1.1

Top-level Linux computer-use skill with a bundled standalone runtime that bootstraps itself without any local Claude installation, private native modules, or...

0· 49·0 current·0 all-time
by@wimi321
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's description says it's a standalone Linux computer-use runtime and MCP server, and the code implements X11 screenshotting, keyboard/mouse control, process/app enumeration, and first-run virtualenv bootstrapping — that matches purpose. However the registry metadata lists no required binaries/env but the SKILL.md and code require Node (>=20), npm, and a Python runtime (to be bootstrapped). The omission of required binaries in metadata is an incoherence developers should fix.
Instruction Scope
SKILL.md explicitly instructs building (npm install, npm run build) and running node dist/cli.js from the bundled project and allows the server to auto-bootstrap a Python venv and pip-install runtime deps. The runtime code enumerates displays, captures screenshots, lists installed/running apps, reads process executable paths (psutil), and can synthesize input via pyautogui — all within the claimed scope. There is no instruction to read unrelated user files or call external endpoints in the SKILL.md, but the runtime will access local process and display state (sensitive).
!
Install Mechanism
No formal install spec is declared (instruction-only), but SKILL.md requires running npm install and the first-run bootstraps a Python virtualenv and pip-installs requirements from PyPI. That implies network downloads and writing files into the user home (~/.codex/skills/... and .runtime/venv). Using npm/pip is expected for this project, but it is higher risk than an instruction-only, no-download skill because it pulls code from registries at install/run time.
Credentials
The skill does not request credentials or environment secrets. It references optional env flags (CLAUDE_COMPUTER_USE_DEBUG, CODEX_THREAD_ID etc.) which are reasonable for runtime configuration. No disproportionate or unrelated credentials are required.
Persistence & Privilege
The skill is not always-enabled and follows the default model-invocation policy (agent may call the skill autonomously). It writes files under the user's home (config/lock files and the bundled project path) and creates a Python venv on first run — expected for this runtime but means it gains persistent presence and the ability to perform desktop actions on the host. Autonomous invocation combined with desktop-control capabilities increases blast radius; consider whether you want automatic agent-initiated GUI actions.
What to consider before installing
What to consider before installing: - Functionality & sensitivity: this skill captures screenshots, accesses clipboard/process info, enumerates installed/running apps, and can synthesize keyboard/mouse events — these are powerful and privacy-sensitive capabilities. Only install if you trust the author and intend to grant those abilities. - Missing metadata: the skill fails to declare required binaries (Node >=20, npm, Python). Confirm those prerequisites on your system before installing, and request the author update the metadata. - Network & disk activity: the build/run steps run `npm install` and will create a Python virtualenv and `pip install` packages from PyPI — expect network downloads and files written into your home directory (~/.codex/skills/... and a .runtime/venv). If you require offline or audited installs, review package-lock.json and runtime/requirements.txt and consider installing in a VM or sandbox first. - Review code & scripts: inspect scripts/install.sh and the runtime (runtime/linux_helper.py and the TypeScript files) yourself or have someone you trust review them. Look specifically for subprocess.exec/execFile calls or any unexpected outbound network calls in the omitted files. - Run safely: if you want to try it, run the server in an isolated environment (VM, container, or non-production account) and monitor network traffic and filesystem changes. Consider denying autonomous invocation until you’re comfortable with behavior, or run the skill only when explicitly invoked. - If you need help: ask the author to (1) declare required binaries/env in registry metadata, (2) document exactly what files/paths it writes, and (3) provide a reproducible minimal install/test plan for offline review.
project/src/lib/execFileNoThrow.ts:9
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

automationvk975q2j24gay7t9wf7asrf9qp9841w3hcomputer-usevk975q2j24gay7t9wf7asrf9qp9841w3hlatestvk975q2j24gay7t9wf7asrf9qp9841w3hlinuxvk975q2j24gay7t9wf7asrf9qp9841w3hmcpvk975q2j24gay7t9wf7asrf9qp9841w3hskillvk975q2j24gay7t9wf7asrf9qp9841w3hx11vk975q2j24gay7t9wf7asrf9qp9841w3h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments