ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HiDPI Mouse

v1.0.0

Universal HiDPI mouse click handling for Linux desktop automation. Auto-detects scale factor or allows calibration for any screen resolution/DPI. Converts Claude display coordinates to xdotool screen coordinates.

0· 1.6k·2 current·2 all-time
by@zeyuyuyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included scripts: all files implement coordinate scaling, calibration, and xdotool-based mouse actions. However SKILL.md's declared required bins (xdotool, scrot, python3) is incomplete: the scripts also use xdpyinfo, xrandr, xrdb, bc, and python code requires the Pillow (PIL) library. These missing tool/library needs should have been declared.
Instruction Scope
Runtime instructions and scripts stay within the stated purpose: they read X information, create a calibration image, read/write a local config (~/.config/hidpi-mouse/scale.conf) and a /tmp cache, and perform mouse moves/clicks via xdotool. They do not reach out to network endpoints or access unrelated credentials. Note: scripts default DISPLAY to :1 and XAUTHORITY to ~/.Xauthority which may target an unexpected X server if the environment differs; this is operationally surprising but not malicious.
Install Mechanism
Instruction-only skill with bundled scripts (no installer). No arbitrary downloads or extraction occur. Files are local and readable; nothing writes outside the expected config/cache locations. Low install risk.
Credentials
The skill requests no credentials and only needs access to the X session and local filesystem (home and /tmp), which is proportionate. However the SKILL.md omitted several runtime binaries and the Python Pillow dependency; also scripts implicitly rely on DISPLAY and XAUTHORITY environment variables and will write to ~/.config/hidpi-mouse and /tmp/hidpi_scale_cache.
Persistence & Privilege
always:false (no forced inclusion). The skill can be invoked autonomously (default platform behavior) and, if run, can move/click the user's mouse — this is expected for a desktop-automation skill but worth noting as a capability with potential impact if invoked unexpectedly.
Assessment
This skill appears to do what it claims: it manipulates X11 to convert display coordinates and perform clicks. Before installing/using it: (1) review and satisfy dependencies beyond those listed — xdpyinfo, xrandr, xrdb, bc, and Python Pillow (PIL) are required at runtime; (2) test in a safe environment (no sensitive windows open) since the scripts will move/click your mouse; (3) check/adjust DISPLAY and XAUTHORITY to the correct X session (the scripts default to DISPLAY=:1 which may be incorrect); (4) inspect or run the scripts locally rather than granting any remote execution — there is no network communication, but mouse control can be disruptive if misused.

Like a lobster shell, security has layers — review code before you run it.

latestvk976cp5t7jmnxzx7j90efqjsvh80pw20

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments