ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Desktop Control 1.0.0

v1.0.0

Advanced desktop automation with mouse, keyboard, and screen control

6· 3k·51 current·56 all-time
by@wpegley
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, and included Python code all implement desktop automation (pyautogui-based DesktopController and an AI agent that plans and executes desktop actions). No unrelated cloud credentials or external service keys are requested. Note: registry metadata ownerId (provided separately) does not match the _meta.json ownerId in the package — this mismatch is an integrity / provenance concern and should be checked before trusting the package.
Instruction Scope
Runtime instructions and demos explicitly direct the agent to capture screenshots, read and write the clipboard, launch apps, and send keystrokes/mouse events. Those operations are legitimate for a desktop automation skill but are sensitive (screenshots and clipboard can expose private data). The SKILL.md and demos do not require per-action approval by default; the DesktopController supports require_approval but default usage in examples does not enable it.
Install Mechanism
There is no external download/install script in the registry metadata; code files are included in the skill bundle. SKILL.md recommends pip-installing common Python packages (pyautogui, pillow, opencv-python, etc.) from PyPI — this is expected and not disproportionate. No remote archive URLs or shorteners are used.
Credentials
The skill requests no environment variables, secrets, or unrelated credentials. Its functionality relies on local system access (mouse, keyboard, screen, clipboard) which is appropriate for the stated purpose.
Persistence & Privilege
always is false (good). disable-model-invocation is false (normal) so the agent could invoke the skill autonomously. Combined with the included ai_agent (which can plan and autonomously execute multi-step tasks and capture screenshots), this increases blast radius if the skill is invoked without supervision. The skill does not request elevated system config changes or alter other skills' configs.
Assessment
This skill appears to implement exactly what it claims (advanced desktop automation), but it can: capture screenshots, read/write the clipboard, open apps, and drive your mouse/keyboard. Before installing or running it: 1) Verify provenance — the package _meta ownerId differs from the registry ownerId shown; confirm the publisher. 2) Inspect the full ai_agent.py for any network calls (requests, socket, urllib, http) before running — the truncated preview showed no obvious exfiltration, but verify there are none. 3) Run demos in a safe environment (VM or throwaway account) and close sensitive documents/apps. 4) Prefer constructing the DesktopController with require_approval=True and failsafe=True while testing so actions require your confirmation. 5) If you plan to allow autonomous invocation, restrict when/how the agent can run and monitor screenshots/saved files for sensitive data. If you want, I can scan the full ai_agent.py for network/http usage and other risky APIs — provide the remaining truncated contents or allow me to search the code for 'requests', 'socket', 'urllib', 'subprocess', 'open', and 'base64' usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk974v6z76jpv2fq3yy1jw2ppv580m9bb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments