Desktop Control 1.0.0
Security checks across malware telemetry and agentic risk
Overview
This is a coherent desktop automation skill, but it gives the agent very broad control over your screen, keyboard, mouse, clipboard, and logged-in apps.
Install only if you intentionally want OpenClaw to control your live desktop. Keep failsafe enabled, use approval mode for anything important, close sensitive windows, and supervise actions that could modify files, submit forms, post publicly, or use logged-in accounts.
VirusTotal
58/58 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong screen or with a broad request, the agent could click, type, save, submit, or trigger shortcuts in any active application.
The controller can send unrestricted desktop input, including hotkeys, and approval is available but disabled by default.
pyautogui.PAUSE = 0 ... def __init__(self, failsafe: bool = True, require_approval: bool = False): ... def hotkey(self, *keys, interval: float = 0.05)
Use this only with supervision, enable require_approval for sensitive tasks, keep failsafe enabled, and avoid using it while sensitive or high-value apps are open.
A mistaken click or wrong active window could cascade into file changes, app launches, copied data, or submissions before the user notices.
The AI layer can execute a planned sequence of up to 50 desktop actions, so one bad plan or screen interpretation can propagate through multiple UI changes.
def execute_task(self, task: str, max_steps: int = 50) ... for step_num, step in enumerate(plan, 1): ... step_result = self._execute_step(step)
Require step-by-step confirmation for workflows that modify files, accounts, public posts, payments, settings, or other important state.
Actions performed in browsers, social apps, email clients, or business tools may be attributed to the user.
The documentation presents workflows that would act through the user's logged-in accounts or desktop session, even though the skill has no scoped account permission model.
agent.execute_task("Post this image to Instagram with caption 'Beautiful sunset'")
Do not let the skill operate in logged-in or business-critical apps unless you are watching and have approved the exact action.
Private messages, documents, credentials shown on screen, or other sensitive information may be captured in screenshots returned by the skill.
The autonomous agent captures and stores before/after screenshots in its result data, which may include sensitive on-screen information.
screenshot_before = self.dc.screenshot() ... screenshot_after = self.dc.screenshot() ... result["screenshots"].append({"before": screenshot_before, "after": screenshot_after})
Close or hide sensitive windows before use, and treat generated screenshots and logs as sensitive data.
Installing unpinned dependencies can expose users to package version changes or compromised packages.
The skill asks the user to install unpinned third-party Python packages manually; this is expected for the purpose but has normal dependency provenance risk.
pip install pyautogui pillow opencv-python pygetwindow
Install dependencies in a trusted Python environment, consider pinning versions, and review package sources before use.
