PC Control
v1.0.0Remote Windows desktop control from WSL/Linux via screenshot + mouse/keyboard simulation. Use when: user asks to control their PC, click something, open an a...
⭐ 1· 482·2 current·2 all-time
byRongze Gao@zeron-g
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code (server, client, launcher, install) matches the described purpose (screenshot + mouse/keyboard simulation via a FastAPI server on Windows and a WSL client). However the skill metadata claims no required binaries or env vars while the implementation requires a Windows Python, PowerShell, and access to WSL's wslpath/WSL environment to launch the server — this mismatch is unexpected and should have been declared.
Instruction Scope
SKILL.md instructions stick to the stated purpose (install dependencies, start/stop server, take screenshots, perform GUI actions, verify after each action). The instructions do not ask the agent to read unrelated files or external endpoints. Note: the server exposes an unauthenticated /status endpoint (intentional in code) and writes an auth token to a local file that the WSL client reads — both are relevant security/usage details.
Install Mechanism
There is no opaque remote-download install: the provided install.py runs pip via PowerShell to install PyPI packages (fastapi, uvicorn, mss, pyautogui, pillow) into the Windows Python. This is a reasonable, traceable install method. It does, however, depend on the machine's PowerShell and Python configuration.
Credentials
The skill declares no credentials or env requirements but needs local execution privileges: it requires a Windows Python path, PowerShell, and the ability to run wslpath and start/stop Windows processes. It writes .auth_token and .last_used into the skill directory (token is how client authenticates). These local-file and process-control requirements are proportionate to the feature but were not declared in metadata and can expose sensitive control if the host is misconfigured or files are world-readable.
Persistence & Privilege
The skill is not force-included (always:false) and does not modify other skills. It persists two small files (.auth_token and .last_used) in the skill directory and can start/stop a background Python process. That behavior is expected for a local remote-control server, but users should be aware the server grants programmatic desktop control for as long as it runs and the token file exists.
What to consider before installing
This skill implements a powerful capability (remote control of your Windows desktop). The code matches the description, but the package metadata understates what it needs: you will need a Windows Python, PowerShell, and WSL utilities (wslpath). Before installing, verify you trust the skill source and inspect the files. Specific recommendations: 1) Confirm config.json points to the correct Windows python and PowerShell paths; prefer installing dependencies into a dedicated virtualenv rather than the system Python. 2) Limit network exposure: the server binds to 127.0.0.1, but ensure no port forwarding or reverse tunnels expose it externally. 3) Protect the skill directory: .auth_token is stored in plaintext — restrict filesystem permissions and remove the token file when not needed. 4) Consider requiring stronger auth or rotating the token between sessions. 5) Review the launcher stop code (it may forcibly stop python processes matching server.py) to avoid killing unrelated processes. 6) If you are uncomfortable with full GUI control, test in an isolated VM or disposable account first. If you want me to, I can point out the exact lines to change to require authentication on /status, to write token with restricted permissions, or to make the launcher use a venv.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
PC Control — Remote Desktop Control
Control a Windows desktop from WSL/Linux via screenshots (mss) + mouse/keyboard simulation (pyautogui). A FastAPI server runs on Windows; a Python client calls it from WSL.
Setup
1. Configure config.json
Edit config.json in the skill directory. Set python_path to a Windows Python with pip:
{
"server": {
"host": "127.0.0.1",
"port": 18888,
"python_path": "C:\\Python312\\python.exe"
},
"powershell": "/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe",
"auto_shutdown_minutes": 10,
"screenshot": {
"default_scale": 0.5,
"default_quality": 50
}
}
2. Install dependencies
python3 scripts/install.py
Installs fastapi uvicorn mss pyautogui pillow into the Windows Python.
Usage
Start the server
python3 scripts/launcher.py start
Take a screenshot and analyze
import sys; sys.path.insert(0, 'skills/pc-control/scripts')
from client import PCControl
pc = PCControl()
img_path = pc.screenshot(scale=0.5, quality=50)
# Use image analysis tool to understand the screen
Important: Screenshots are scaled. When clicking, divide target coordinates by the scale factor to get actual screen coordinates. E.g., if scale=0.5 and target is at (400, 300) in the image, click at (800, 600).
Execute actions
pc.click(x, y) # Left click
pc.double_click(x, y) # Double click
pc.right_click(x, y) # Right click
pc.move(x, y) # Move cursor
pc.scroll(x, y, clicks) # Scroll (negative = down)
pc.drag(x1, y1, x2, y2) # Drag
pc.type_text("hello") # Type text
pc.press("enter") # Press key
pc.hotkey("ctrl", "c") # Key combo
Verify after each action
Always screenshot after an action to confirm it worked before proceeding.
Stop the server
python3 scripts/launcher.py stop
Interaction Loop
screenshot → analyze → decide action → execute → screenshot verify → continue or done
Notes
- Server listens on localhost only with token auth (token auto-generated per session)
Win+R→ type app name → Enter is more reliable than clicking taskbar icons- Wait 1–2 seconds after clicks before re-screenshotting
- Prefer CLI/PowerShell when available — use this only for GUI-only tasks
Files
7 totalSelect a file
Select a file to preview.
Comments
Loading comments…