Give eyes to your openclaw
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is coherently described as a user-requested screen and voice capture MCP tool, but it handles sensitive screen/audio data, local retained captures, and an MCP bearer token.
Install this only if you want OpenClaw to see and analyze your screen or voice when you ask. Prefer region/window capture for private work, keep the MCP token secret, verify any remote MCP or vision-model endpoint you configure, and periodically clear `~/.eye2byte/output/` if sensitive content was captured.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent may see private windows, notifications, documents, or audio that were not intended for the task.
The skill exposes broad screen and audio capture capabilities. This is expected for an 'agent eyes' skill, but misuse could reveal sensitive on-screen or spoken information.
capture screenshots, voice, and annotations from any screen, monitor, or device via MCP
Use window or region capture when possible, avoid all-monitor capture unless needed, and invoke it only for tasks where you are comfortable sharing what is visible or audible.
Old screenshots or summaries may contain private data and could influence later agent work if retrieved.
The skill retains local captures and summaries that can be reused later. This is disclosed and bounded by cleanup settings, but it creates persistent sensitive context.
Captures are stored in `~/.eye2byte/output/` ... deleted after N days (default: 7) ... `get_recent_context` Retrieve recent Context Pack summaries from previous captures.
Review or shorten the cleanup window, delete saved captures after sensitive sessions, and avoid capturing secrets or private documents when possible.
Anyone who obtains the token may be able to access the configured MCP screen-capture service.
The skill uses a bearer token for MCP remote access. This is expected for remote transport, but the token protects access to screen-capture functionality.
MCP token: When using SSE remote transport, the `--token` flag sets a bearer token stored only in the user's `openclaw.json`. Treat it like any API secret.
Use a strong unique token, keep `openclaw.json` private, and rotate the token if it may have been exposed.
Screenshots, audio transcripts, or summaries may be processed by a configured model provider or sent over a remote MCP connection.
The artifact discloses MCP remote transport and possible external vision-model processing. These flows fit the purpose, but they carry sensitive screen/audio-derived data outside the immediate local capture tool.
Nothing is sent to external servers (except the vision model API the user configured). ... Remote ... `eye2byte-mcp --sse --token <secret>`
Use trusted model providers and trusted MCP endpoints, prefer local/same-machine use for sensitive work, and confirm transport URLs before connecting.
The installed package is what will implement the sensitive capture behavior.
The skill installs and relies on an external package rather than providing code in the artifact. That is normal for a packaged MCP server, but users depend on the package source and version integrity.
uv | package: eye2byte | creates binaries: eye2byte
Install from the expected PyPI/GitHub project, review the package if your environment is sensitive, and keep it updated or pinned according to your trust policy.
