Desktop Automation Skill Security Report — Trusted | ClawSafe

8 /100

Desktop Automation Skill

Complete desktop automation for Windows/macOS/Linux with mouse/keyboard control, OCR, image recognition, and macro recording

Legitimate desktop automation skill with comprehensive safety features, well-documented behavior, and no malicious functionality detected.

Skill NameDesktop Automation Skill

Duration52.6s

Enginepi

✓

Safe to install

This skill is safe to use. Ensure pyautogui version is pinned in requirements.txt for supply chain stability.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ/WRITE`	`READ/WRITE`	✓ Aligned	Saves macros to recorded_macro/, screenshots to ~/Desktop/, logs to ~/.openclaw/
Shell	`WRITE`	`WRITE`	✓ Aligned	Uses pyautogui for mouse/keyboard control; subprocess.Popen for GUI scripts
Network	`NONE`	`NONE`	—	No network requests found in any module
Environment	`NONE`	`NONE`	—	Only reads AUTOMATION_LOG_DIR and AUTOMATION_SAFE_MODE for configuration
Clipboard	`WRITE`	`WRITE`	✓ Aligned	copy_to_clipboard and paste_from_clipboard implemented via pyperclip
Browser	`NONE`	`NONE`	—	No browser automation features
Database	`NONE`	`NONE`	—	No database access
Skill Invoke	`READ`	`READ`	✓ Aligned	Loads macro JSON files for playback; launches scripts/record_macro.py and script…

1 High 4 findings

📡

High IP Address 硬编码 IP 地址

4.10.0.84

DEPENDENCIES.md:18

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

SKILL.md:3

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

SKILL.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

SKILL.md:4

File Tree

23 files · 172.4 KB · 5030 lines

Python 14f · 3666L Markdown 5f · 1272L JavaScript 1f · 38L Text 2f · 27L YAML 1f · 27L

├─ ▾ 📁 lib

│ ├─ 🐍 __init__.py Python 27L · 620 B

│ ├─ 🐍 actions.py Python 279L · 11.5 KB

│ ├─ 🐍 advanced_automation.py Python 548L · 20.6 KB

│ ├─ 🐍 automation.py Python 670L · 25.5 KB

│ ├─ 🐍 image_recognition.py Python 167L · 6.8 KB

│ ├─ 🐍 macro_player.py Python 175L · 6.5 KB

│ ├─ 🐍 ocr_engine.py Python 188L · 8.0 KB

│ ├─ 🐍 safety_manager.py Python 105L · 3.5 KB

│ ├─ 🐍 safety.py Python 103L · 4.1 KB

│ ├─ 🐍 utils.py Python 135L · 3.7 KB

│ └─ 🐍 vision.py Python 163L · 4.9 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 play_macro.py Python 336L · 12.7 KB

│ ├─ 🐍 record_macro.py Python 597L · 21.7 KB

│ └─ 🐍 test_automation.py Python 173L · 5.4 KB

├─ 📝 AUTHORS.md Markdown 38L · 912 B

├─ 📝 CONTRIBUTING.md Markdown 133L · 3.7 KB

├─ 📝 DEPENDENCIES.md Markdown 87L · 3.0 KB

├─ 📄 LICENSE.txt Text 21L · 1.1 KB

├─ 📝 README.md Markdown 670L · 17.0 KB

├─ 📄 requirements.txt Text 6L · 109 B

├─ 📜 skill.js JavaScript 38L · 1.1 KB

├─ 📝 SKILL.md Markdown 344L · 9.3 KB

└─ 📋 skill.yaml YAML 27L · 663 B

Dependencies 6 items

Package	Version	Source	Known Vulns	Notes
`pyautogui`	`>=0.9.53`	pip	No	Version not pinned - recommend pinning to specific version
`pygetwindow`	`>=0.0.9`	pip	No	Version not pinned
`Pillow`	`>=8.0.0`	pip	No	Version not pinned
`opencv-python`	`>=4.5.0`	pip	No	Version not pinned
`pytesseract`	`>=0.3.10`	pip	No	Version not pinned
`pyperclip`	`>=1.8.2`	pip	No	Version not pinned

Security Positives

✓ Safe mode enabled by default with dangerous pattern detection

✓ Dry-run mode available on all actions for safe testing

✓ Comprehensive audit logging to ~/.openclaw/skills/desktop-automation-logs/

✓ Thread-safe implementation with proper locking

✓ Explicit privacy warnings about recording all keyboard/mouse events

✓ Credential protection: dangerous patterns (rm, sudo, /etc/, password, etc.) are blocked

✓ No network requests or data exfiltration

✓ No obfuscation, base64 payloads, or hidden functionality

✓ Well-structured, documented code with error handling

✓ Macro files validated before execution

Scan Report

File Tree

Dependencies 6 items

Security Positives