Security scan
OpenClaw
Security
medium confidence
Assessment and recommendations
This skill appears to implement exactly what it claims (advanced desktop automation), but it can: capture screenshots, read/write the clipboard, open apps, and drive your mouse/keyboard. Before installing or running it: 1) Verify provenance — the package _meta ownerId differs from the registry ownerId shown; confirm the publisher. 2) Inspect the full ai_agent.py for any network calls (requests, socket, urllib, http) before running — the truncated preview showed no obvious exfiltration, but verif...
✓ Purpose and capability
Name/description, SKILL.md, and included Python code all implement desktop automation (pyautogui-based DesktopController and an AI agent that plans and executes desktop actions). No unrelated cloud credentials or external service keys are requested. Note: registry metadata ownerId (provided separately) does not match the _meta.json ownerId in the package — this mismatch is an integrity / provenance concern and should be checked before trusting the package.
ℹ Instruction scope
Runtime instructions and demos explicitly direct the agent to capture screenshots, read and write the clipboard, launch apps, and send keystrokes/mouse events. Those operations are legitimate for a desktop automation skill but are sensitive (screenshots and clipboard can expose private data). The SKILL.md and demos do not require per-action approval by default; the DesktopController supports require_approval but default usage in examples does not enable it.
✓ Install mechanism
There is no external download/install script in the registry metadata; code files are included in the skill bundle. SKILL.md recommends pip-installing common Python packages (pyautogui, pillow, opencv-python, etc.) from PyPI — this is expected and not disproportionate. No remote archive URLs or shorteners are used.
✓ Credential requirements
The skill requests no environment variables, secrets, or unrelated credentials. Its functionality relies on local system access (mouse, keyboard, screen, clipboard) which is appropriate for the stated purpose.
ℹ Persistence and privileges
always is false (good). disable-model-invocation is false (normal) so the agent could invoke the skill autonomously. Combined with the included ai_agent (which can plan and autonomously execute multi-step tasks and capture screenshots), this increases blast radius if the skill is invoked without supervision. The skill does not request elevated system config changes or alter other skills' configs.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/6
● Suspicious
Install command
Official: npx clawhub@latest install desktop-control-1-0-0
Mirror (accelerated): npx clawhub@latest install desktop-control-1-0-0 --registry https://cn.longxiaskill.com