by 安全扫描
OpenClaw
安全
high confidenceThe skill's code, files, and runtime instructions align with its stated desktop/mobile GUI automation purpose and do not request unrelated credentials or perform hidden network operations.
评估建议
This skill appears to do what it says: local GUI automation using pyautogui/pywinauto plus instructions to use 'browser' and 'nodes' tools. Before installing or enabling it: (1) review and run the included demo scripts manually in a safe environment (VM) to confirm behavior; (2) only install the listed Python packages from the official PyPI registry; (3) be cautious about letting the agent invoke the skill autonomously, since input simulation and app-launching can perform destructive actions if ...详细分析 ▾
✓ 用途与能力
Name/description advertise browser, mobile and native app automation and the included files and instructions implement exactly that: pyautogui and pywinauto demos for local input/screenshot and guidance to use 'browser' and 'nodes' tools for browser and paired-device control. No unrelated credentials, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md instructs the agent to use local Python scripts (exec) and platform tools ('browser', 'nodes', 'screenshot') to perform automation. That matches the declared purpose. Note: these instructions assume the agent environment provides the browser/nodes/screenshot tools and a Python interpreter; the skill also instructs installing packages with pip (pyautogui, pywinauto, pillow). The instructions do not ask the agent to read unrelated system files or export data to external endpoints.
✓ 安装机制
There is no install specification; this is instruction-only with two included demo scripts. The SKILL.md suggests pip installing common packages from PyPI (pyautogui, pywinauto, pillow) which is proportionate and traceable. No downloads from arbitrary URLs or extract steps are present.
✓ 凭证需求
The skill requires no environment variables, credentials, or config paths. The capabilities (local input simulation, launching apps, screenshots, paired-device control) legitimately do not require external secrets. No excessive or unrelated env/credential requests are present.
ℹ 持久化与权限
always is false and the skill is user-invocable; model invocation is allowed (platform default). This skill can simulate global mouse/keyboard events and start/connect to local apps, which are expected for desktop automation but are powerful actions—users should be aware of that operational risk before allowing autonomous runs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/4
Initial release: browser, mobile, and native app automation toolkit
● 可疑
安装命令
点击复制官方npx clawhub@latest install desktop-automation-pro-systiger
镜像加速npx clawhub@latest install desktop-automation-pro-systiger --registry https://cn.longxiaskill.com