← Back to Skills Marketplace
PC Control
by
Rongze Gao
· GitHub ↗
· v1.0.0
657
Downloads
1
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install pc-control
Description
Remote Windows desktop control from WSL/Linux via screenshot + mouse/keyboard simulation. Use when: user asks to control their PC, click something, open an a...
Usage Guidance
This skill implements a powerful capability (remote control of your Windows desktop). The code matches the description, but the package metadata understates what it needs: you will need a Windows Python, PowerShell, and WSL utilities (wslpath). Before installing, verify you trust the skill source and inspect the files. Specific recommendations: 1) Confirm config.json points to the correct Windows python and PowerShell paths; prefer installing dependencies into a dedicated virtualenv rather than the system Python. 2) Limit network exposure: the server binds to 127.0.0.1, but ensure no port forwarding or reverse tunnels expose it externally. 3) Protect the skill directory: .auth_token is stored in plaintext — restrict filesystem permissions and remove the token file when not needed. 4) Consider requiring stronger auth or rotating the token between sessions. 5) Review the launcher stop code (it may forcibly stop python processes matching server.py) to avoid killing unrelated processes. 6) If you are uncomfortable with full GUI control, test in an isolated VM or disposable account first. If you want me to, I can point out the exact lines to change to require authentication on /status, to write token with restricted permissions, or to make the launcher use a venv.
Capability Analysis
Type: OpenClaw Skill
Name: pc-control
Version: 1.0.0
The skill provides remote Windows desktop control via screenshot, mouse, and keyboard simulation, which is an inherently high-risk capability. While the implementation includes security measures like localhost binding and ephemeral token authentication for its FastAPI server (scripts/server.py), and the SKILL.md does not contain prompt injection attempts, the use of PowerShell via `subprocess.run` in `scripts/install.py` and `scripts/launcher.py` to install dependencies and manage the server process represents powerful system command execution. These capabilities, though necessary for the skill's stated purpose, are significant and warrant a 'suspicious' classification due to their potential for misuse if the agent or skill configuration were compromised, even without clear evidence of intentional malicious behavior within the skill itself.
Capability Assessment
Purpose & Capability
The code (server, client, launcher, install) matches the described purpose (screenshot + mouse/keyboard simulation via a FastAPI server on Windows and a WSL client). However the skill metadata claims no required binaries or env vars while the implementation requires a Windows Python, PowerShell, and access to WSL's wslpath/WSL environment to launch the server — this mismatch is unexpected and should have been declared.
Instruction Scope
SKILL.md instructions stick to the stated purpose (install dependencies, start/stop server, take screenshots, perform GUI actions, verify after each action). The instructions do not ask the agent to read unrelated files or external endpoints. Note: the server exposes an unauthenticated /status endpoint (intentional in code) and writes an auth token to a local file that the WSL client reads — both are relevant security/usage details.
Install Mechanism
There is no opaque remote-download install: the provided install.py runs pip via PowerShell to install PyPI packages (fastapi, uvicorn, mss, pyautogui, pillow) into the Windows Python. This is a reasonable, traceable install method. It does, however, depend on the machine's PowerShell and Python configuration.
Credentials
The skill declares no credentials or env requirements but needs local execution privileges: it requires a Windows Python path, PowerShell, and the ability to run wslpath and start/stop Windows processes. It writes .auth_token and .last_used into the skill directory (token is how client authenticates). These local-file and process-control requirements are proportionate to the feature but were not declared in metadata and can expose sensitive control if the host is misconfigured or files are world-readable.
Persistence & Privilege
The skill is not force-included (always:false) and does not modify other skills. It persists two small files (.auth_token and .last_used) in the skill directory and can start/stop a background Python process. That behavior is expected for a local remote-control server, but users should be aware the server grants programmatic desktop control for as long as it runs and the token file exists.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pc-control - After installation, invoke the skill by name or use
/pc-control - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: remote Windows desktop control from WSL/Linux via screenshot + mouse/keyboard simulation (FastAPI + pyautogui + mss)
Metadata
Frequently Asked Questions
What is PC Control?
Remote Windows desktop control from WSL/Linux via screenshot + mouse/keyboard simulation. Use when: user asks to control their PC, click something, open an a... It is an AI Agent Skill for Claude Code / OpenClaw, with 657 downloads so far.
How do I install PC Control?
Run "/install pc-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PC Control free?
Yes, PC Control is completely free (open-source). You can download, install and use it at no cost.
Which platforms does PC Control support?
PC Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created PC Control?
It is built and maintained by Rongze Gao (@zeron-g); the current version is v1.0.0.
More Skills