Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Computer Use Linux
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Linux desktop-automation skill, but it needs review because it can view and control the desktop and clipboard, relies on not-yet-validated gating, disables a built-in automation failsafe, and auto-installs runtime dependencies.
Treat this as granting an agent hands-on access to your Linux desktop. Prefer a VM or dedicated Linux/X11 account, review the source and dependencies, expect npm/pip runtime setup, keep sensitive windows and clipboard contents out of view, and verify an independent stop mechanism before using it on important accounts or production work.
Static analysis
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
If the agent targets the wrong window or acts without adequate review, it could click, type, launch apps, or use clipboard/screen data in unintended places.
Why it was flagged
The skill exposes broad desktop-control tools, and the README says a key containment check was not end-to-end validated on real Linux applications.
Skill content
"standalone MCP server for screenshots, mouse, keyboard, app launch, window/display mapping, and clipboard" ... "Not yet validated in this session: ... foreground-window enforcement against real Linux apps"
Recommendation
Use only in a trusted, isolated Linux/X11 session; keep action confirmations enabled where possible; validate window-gating behavior before using it on sensitive accounts or production work.
What this means
A mistaken or looping automation sequence could interact with the desktop quickly without the standard PyAutoGUI mouse-corner stop mechanism.
Why it was flagged
The helper disables PyAutoGUI's built-in corner failsafe and removes action pauses, reducing the user's emergency-stop margin during automated mouse/keyboard activity.
Skill content
pyautogui.FAILSAFE = False pyautogui.PAUSE = 0
Recommendation
Run in a VM, throwaway desktop session, or dedicated user account, and ensure you have an independent way to stop the process before granting it sensitive desktop access.
What this means
Installing or running the skill may download and install Python packages into the bundled runtime environment.
Why it was flagged
The runtime bootstrap is disclosed and aligned with the skill's purpose, but first-run dependency installation means the user is trusting the package sources used at runtime.
Skill content
The first real run will automatically create `.runtime/venv` and install the public Python dependencies.
Recommendation
Review the dependency files, use trusted package indexes, and consider pinning/auditing dependencies before use in sensitive environments.
What this means
The skill can spawn local programs as part of building/running its desktop-control runtime.
Why it was flagged
The static scan shows local process execution. That is expected for this build/runtime bridge, but it is still a powerful local capability.
Skill content
const child = execFile(
Recommendation
Only run the bundled project from a source you trust and avoid granting it access to sensitive desktop sessions until you have reviewed the code and dependencies.
What this means
Whatever is visible on screen or present in the clipboard may be processed by the local agent session using this MCP server.
Why it was flagged
Screenshots and clipboard contents are sensitive local data that can be exposed to the connected MCP client/agent. The artifacts frame this as trusted-local use, which is purpose-aligned but important for users to understand.
Skill content
standalone MCP server for screenshots, mouse, keyboard, app launch, window/display mapping, and clipboard
Recommendation
Use the skill only with trusted local agents, and clear or hide sensitive windows and clipboard contents before running desktop automation.