ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pyautogui-skill

v1.0.0

Desktop automation via PyAutoGUI. Use when: user needs to automate mouse/keyboard actions, GUI testing, click/type sequences, screen-based workflows, or repe...

0· 328·1 current·1 all-time
by@yangye230147961
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the provided Python scripts and SKILL.md. Required binary (python3) and the referenced pip libraries (pyautogui, pyscreeze/Pillow) are appropriate for desktop GUI automation; no unrelated credentials or tools are requested.
Instruction Scope
SKILL.md and the scripts restrict actions to mouse/keyboard movement, screenshots, image location, and shortcuts. They reference local image paths and OS permission steps (macOS Accessibility) which are expected. There are no instructions to read arbitrary system files, network endpoints, or exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only), and included code files are plain Python scripts. No downloads from untrusted URLs or archive extraction are present.
Credentials
The skill requests no environment variables or credentials. The lack of secrets is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Ordinary agent autonomy settings remain unchanged.
Assessment
This skill appears coherent for local desktop automation, but be aware of the inherent risks of any tool that controls your mouse and keyboard: only run these scripts from sources you trust, keep pyautogui.FAILSAFE enabled (moving the mouse to a corner aborts actions), and avoid running while sensitive windows (password managers, banking, terminals) are focused. Install Python packages in a virtualenv and verify package versions before installing. On macOS grant Accessibility permissions only to trusted Terminal/Python apps. If you plan to allow autonomous agent invocation of this skill, understand that it could simulate input without further prompts — consider limiting autonomous use if you have high-sensitivity workflows.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ykzxhwhmwnj7x9d1y74wp182r9yx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖱️ Clawdis
Binspython3

Comments