← Back to Skills Marketplace
79
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install xia-desktop-agent
Description
Windows桌面自动化代理。通过自然语言或预设指令控制桌面:截图、点击、输入、按键、打开应用、微信发消息/文件、ToDesk远程连接。Use when user asks to control desktop, send WeChat messages, establish ToDesk remote conn...
Usage Guidance
This skill largely does what it says (Windows GUI automation), but review and take precautions before installing:
- Local LLM dependency: task_planner posts to http://127.0.0.1:18789. Ensure you have a trusted local LLM at that address or modify the code; otherwise planning will fail or unexpectedly reach another network endpoint.
- Screenshots can contain sensitive info (passwords, private documents). The workflow encourages sending screenshots to an 'image' tool for OCR — confirm that any OCR/image tool is local and trusted before permitting automatic uploads.
- open_app uses subprocess.Popen(cmd, shell=True) for arbitrary app names. That can execute arbitrary shell commands if the 'app' string is attacker-controlled. If you will accept free-text plans, consider restricting allowed app names or removing shell=True.
- SafetyChecker only warns on dangerous keywords and does not block execution. Do not rely on it to prevent destructive actions; test in a sandboxed VM or non-sensitive machine first.
- WeChat file send can be used to transmit local files. Avoid running the skill on machines containing sensitive files unless you trust both the skill and the human/agent invoking it.
Recommended actions: run code review in your environment, run the skill in an isolated VM for testing, harden plan_task to a trusted LLM endpoint, sanitize or whitelist values passed to open_app, and ensure any OCR/image calls require explicit human approval before sending screenshots off-host.
Capability Analysis
Type: OpenClaw Skill
Name: xia-desktop-agent
Version: 1.0.0
The skill bundle provides extensive Windows desktop automation capabilities that pose a high security risk. Key indicators include a hardcoded ToDesk device code ('401315614') in both `SKILL.md` and `scripts/presets.py`, combined with a workflow designed to screenshot and exfiltrate remote access passwords to the chat interface. Furthermore, the safety module in `scripts/safety.py` is deceptive; while it identifies dangerous patterns (e.g., 'format', 'shutdown', 'del'), the `check_task` function is hardcoded to return `True` and allow the operations to proceed. The agent also utilizes high-risk functions like `subprocess.Popen(shell=True)` in `scripts/desktop_agent.py` and automates sensitive applications like WeChat, creating a significant surface for unauthorized data access or remote control.
Capability Assessment
Purpose & Capability
The name/description (Windows desktop automation, WeChat, ToDesk) match the included code and presets. The code implements expected functions (screenshot, click, type, open app, WeChat send, ToDesk screenshot). One incongruity: task_planner calls a local LLM endpoint (http://127.0.0.1:18789) but SKILL.md doesn't declare this as a runtime dependency or requirement.
Instruction Scope
SKILL.md and code direct the agent to take and save screenshots and to use an 'image' tool to OCR ToDesk passwords — that will commonly send screenshots to an external image model/tool (potentially exfiltrating sensitive screen contents). The planning path calls a local LLM service to generate action steps; that network call is not documented in requires.env. The SafetyChecker only logs/warns on dangerous keywords and returns True (it doesn't block dangerous plans), meaning the agent could still perform high-impact operations if a plan includes them.
Install Mechanism
This is instruction+code only; dependencies are Python packages (pyautogui, opencv, Pillow, pyperclip, pygetwindow, requests) installed via pip as documented. No remote binary downloads or obscure install URLs are used.
Credentials
The skill requests no environment variables or external credentials, which fits the claimed purpose. However, it reads/writes local paths (C:\temp\desktop_agent, C:\home\.openclaw\workspace\todesk_screen.png) and can send arbitrary local files via the WeChat preset (wechat_file). Combined with the SKILL.md recommendation to OCR screenshots using an 'image' tool, this creates an implicit channel to disclose sensitive local data unless the operator ensures the image tool is local and trusted.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install spec that persistently alters system-wide configuration. It runs when invoked by the user or when the agent autonomously chooses to invoke it (normal platform behavior).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xia-desktop-agent - After installation, invoke the skill by name or use
/xia-desktop-agent - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Windows桌面自动化:截图、点击、输入、微信发消息、ToDesk远程连接
Metadata
Frequently Asked Questions
What is Xia Desktop Agent?
Windows桌面自动化代理。通过自然语言或预设指令控制桌面:截图、点击、输入、按键、打开应用、微信发消息/文件、ToDesk远程连接。Use when user asks to control desktop, send WeChat messages, establish ToDesk remote conn... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.
How do I install Xia Desktop Agent?
Run "/install xia-desktop-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Xia Desktop Agent free?
Yes, Xia Desktop Agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Xia Desktop Agent support?
Xia Desktop Agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Xia Desktop Agent?
It is built and maintained by Oldairman (@oldairman); the current version is v1.0.0.
More Skills