Desktop Automation Skill 安全扫描报告 — 可信 | ClawSafe

8 /100

Desktop Automation Skill

Complete desktop automation for Windows/macOS/Linux with mouse/keyboard control, OCR, image recognition, and macro recording

Legitimate desktop automation skill with comprehensive safety features, well-documented behavior, and no malicious functionality detected.

技能名称Desktop Automation Skill

分析耗时52.6s

引擎pi

✓

可以安装

This skill is safe to use. Ensure pyautogui version is pinned in requirements.txt for supply chain stability.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ/WRITE`	`READ/WRITE`	✓ 一致	Saves macros to recorded_macro/, screenshots to ~/Desktop/, logs to ~/.openclaw/
命令执行	`WRITE`	`WRITE`	✓ 一致	Uses pyautogui for mouse/keyboard control; subprocess.Popen for GUI scripts
网络访问	`NONE`	`NONE`	—	No network requests found in any module
环境变量	`NONE`	`NONE`	—	Only reads AUTOMATION_LOG_DIR and AUTOMATION_SAFE_MODE for configuration
剪贴板	`WRITE`	`WRITE`	✓ 一致	copy_to_clipboard and paste_from_clipboard implemented via pyperclip
浏览器	`NONE`	`NONE`	—	No browser automation features
数据库	`NONE`	`NONE`	—	No database access
技能调用	`READ`	`READ`	✓ 一致	Loads macro JSON files for playback; launches scripts/record_macro.py and script…

1 高危 4 项发现

📡

高危 IP 地址硬编码 IP 地址

4.10.0.84

DEPENDENCIES.md:18

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

SKILL.md:3

🔗

中危外部 URL 外部 URL

https://opensource.org/licenses/MIT

SKILL.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

SKILL.md:4

目录结构

23 文件 · 172.4 KB · 5030 行

Python 14f · 3666L Markdown 5f · 1272L JavaScript 1f · 38L Text 2f · 27L YAML 1f · 27L

├─ ▾ 📁 lib

│ ├─ 🐍 __init__.py Python 27L · 620 B

│ ├─ 🐍 actions.py Python 279L · 11.5 KB

│ ├─ 🐍 advanced_automation.py Python 548L · 20.6 KB

│ ├─ 🐍 automation.py Python 670L · 25.5 KB

│ ├─ 🐍 image_recognition.py Python 167L · 6.8 KB

│ ├─ 🐍 macro_player.py Python 175L · 6.5 KB

│ ├─ 🐍 ocr_engine.py Python 188L · 8.0 KB

│ ├─ 🐍 safety_manager.py Python 105L · 3.5 KB

│ ├─ 🐍 safety.py Python 103L · 4.1 KB

│ ├─ 🐍 utils.py Python 135L · 3.7 KB

│ └─ 🐍 vision.py Python 163L · 4.9 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 play_macro.py Python 336L · 12.7 KB

│ ├─ 🐍 record_macro.py Python 597L · 21.7 KB

│ └─ 🐍 test_automation.py Python 173L · 5.4 KB

├─ 📝 AUTHORS.md Markdown 38L · 912 B

├─ 📝 CONTRIBUTING.md Markdown 133L · 3.7 KB

├─ 📝 DEPENDENCIES.md Markdown 87L · 3.0 KB

├─ 📄 LICENSE.txt Text 21L · 1.1 KB

├─ 📝 README.md Markdown 670L · 17.0 KB

├─ 📄 requirements.txt Text 6L · 109 B

├─ 📜 skill.js JavaScript 38L · 1.1 KB

├─ 📝 SKILL.md Markdown 344L · 9.3 KB

└─ 📋 skill.yaml YAML 27L · 663 B

依赖分析 6 项

包名	版本	来源	已知漏洞	备注
`pyautogui`	`>=0.9.53`	pip	否	Version not pinned - recommend pinning to specific version
`pygetwindow`	`>=0.0.9`	pip	否	Version not pinned
`Pillow`	`>=8.0.0`	pip	否	Version not pinned
`opencv-python`	`>=4.5.0`	pip	否	Version not pinned
`pytesseract`	`>=0.3.10`	pip	否	Version not pinned
`pyperclip`	`>=1.8.2`	pip	否	Version not pinned

安全亮点

✓ Safe mode enabled by default with dangerous pattern detection

✓ Dry-run mode available on all actions for safe testing

✓ Comprehensive audit logging to ~/.openclaw/skills/desktop-automation-logs/

✓ Thread-safe implementation with proper locking

✓ Explicit privacy warnings about recording all keyboard/mouse events

✓ Credential protection: dangerous patterns (rm, sudo, /etc/, password, etc.) are blocked

✓ No network requests or data exfiltration

✓ No obfuscation, base64 payloads, or hidden functionality

✓ Well-structured, documented code with error handling

✓ Macro files validated before execution