← Back to Skills Marketplace
zhangxin15435

virtual-remote-desktop

by zhangxin15435 · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
1447
Downloads
2
Stars
7
Active Installs
4
Versions
Install in OpenClaw
/install virtual-remote-desktop
Description
KasmVNC-based virtual desktop for headless Linux with AI-first automation and human handoff. Use when most steps are automated but a user must manually inter...
Usage Guidance
What to consider before installing: - The code will attempt to download and install a KasmVNC .deb from GitHub and uses sudo/apt — only run on machines you control or in an isolated VM. - The installer uses an embedded Python snippet that imports 'requests' but the script does not ensure the module exists; the install may fail unexpectedly. - The install may add your user to the 'ssl-cert' group so the service can use TLS keys — this grants access to system TLS private key files and is a privilege change. - The skill reads/writes browser profile and cookie files (CHROME_PROFILE_DIR/Default/Cookies) and stores runtime secrets under ~/.openclaw/vrd-data; if you keep real login profiles there you may expose session cookies to the remote desktop/human handoff. - Metadata understates actual requirements (binaries/env vars). Expect to need vncserver/vncpasswd, python3, wget, curl, ss/sg, xdotool, scrot, sudo. Recommendations: review scripts line-by-line, run initially in a disposable VM/container, verify the downloaded .deb URL before installing, do not point CHROME_PROFILE_DIR at sensitive live profiles, and ensure you trust the source. If you need help hardening the flow (e.g., avoid adding ssl-cert group, require manual review of downloaded asset), ask and I can suggest changes.
Capability Analysis
Type: OpenClaw Skill Name: virtual-remote-desktop Version: 1.0.3 The skill provides a KasmVNC-based virtual desktop for AI automation, which inherently involves high-privilege operations like running a browser, interacting with a GUI (`xdotool`), and network exposure. While the `SKILL.md` and scripts do not show explicit malicious intent (e.g., data exfiltration, backdoors), the `start_vrd.sh` script allows binding the VNC server to `0.0.0.0` (`KASM_BIND=0.0.0.0`) for 'temporary public takeover', which is a significant security risk if not properly secured or if the `AUTO_STOP_IDLE_SECS` is bypassed. Additionally, the script's `chrome_sandbox_flags` function may launch Chrome with `--no-sandbox` under certain conditions, increasing the attack surface for browser exploits. These capabilities, while documented as part of the skill's functionality, represent substantial vulnerabilities that could be exploited by a compromised agent or environment, thus classifying it as suspicious rather than benign.
Capability Assessment
Purpose & Capability
Name/description match the files: scripts implement installing and running KasmVNC, providing VNC actions (click/type/screenshot) and a guided start/stop workflow. However the registry metadata claims no required env vars/binaries while the scripts expect many binaries (vncserver, vncpasswd, python3, curl, ss, sg, wget, sudo, xdotool, scrot) and use many environment settings (KASM_BIND, CHROME_PROFILE_DIR, KASM_PASS, etc.). That mismatch between declared requirements and actual needs is inconsistent and surprising.
Instruction Scope
SKILL.md and scripts instruct the agent to install system packages, write runtime files to ~/.openclaw/vrd-data and to a chrome profile dir, create KasmVNC user/password files, and (optionally) auto-launch a browser using an existing profile/cookies. The scripts read/write local browser cookie/profile paths and runtime secrets (kasm user/password files), and will expose a VNC URL + username/password to the human for handoff. The instructions do not request external tokens, but they do access local sensitive data (browser profile, cookies) which is within scope for a remote-desktop tool but should be explicitly declared.
Install Mechanism
install_kasmvnc.sh fetches a release asset via the GitHub releases API and downloads the .deb using wget — GitHub releases is a reasonable source. However the embedded Python uses the 'requests' module (not installed/checked), so the installer can fail silently or produce empty ASSET_URL. The installer requires sudo and runs apt-get to install the downloaded package and runtime deps, which is a moderate-risk install mechanism and requires user privilege.
Credentials
The registry claims no required env vars/credentials, but scripts accept and use many environment variables controlling bind address, profile paths, passwords, and browser behavior. The installer and runtime may add the user to the 'ssl-cert' group (to access TLS key), which is a privileged change. The skill also reads/writes browser profile and cookie files (CHROME_PROFILE_DIR/Default/Cookies) — accessing these is sensitive and should be declared and limited. Overall requested/used environment access is broader than the metadata indicates.
Persistence & Privilege
always:false (good). The skill performs one-time install steps requiring sudo and may add the user to the ssl-cert group (permanent group membership change), and writes runtime files under ~/.openclaw/vrd-data and a KASM_HOME. It does not request to always be loaded or modify other skills. The use of sudo and group modification increases blast radius and should be considered before install.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install virtual-remote-desktop
  3. After installation, invoke the skill by name or use /virtual-remote-desktop
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Version 1.0.3 of virtual-remote-desktop contains no code or documentation changes; this is a metadata-only update.
v1.0.2
**Major update: KasmVNC replaces noVNC, adds automation-focused features and mobile/desktop presets.** - Migrated from x11vnc+noVNC to KasmVNC for better security, performance, and user experience. - Added guided startup script for requirement-driven configuration (device type, rendering mode, access mode, network quality). - Introduced a suite of computer-use style action scripts for AI automation (click, type, key, scroll, screenshot, etc.). - Improved support for both desktop and mobile browser emulation and VNC stream options. - Streamlined security practices: safer defaults, recommend local tunnel access, and better user/account separation. - Updated documentation for new installation steps, usage flow (AI-human-AI handoff), and best practice presets.
v1.0.1
- Added detailed `read_when` and `metadata` sections to SKILL.md for improved discoverability and safety guidance. - Documented external binary requirements and directories used for persistence and safety. - Updated security notes to clarify that the access token is stored securely in `WORKDIR/access.token` with restrictive file permissions. - No changes to scripts or code in this version.
v1.0.0
Initial release of virtual-remote-desktop. - Provides a secure, token-gated noVNC virtual desktop for remote visual login and headless Linux operation. - Supports start, stop, status, and health check scripts for easy management. - Auto-launches a URL on startup and offers configurable idle timeout and persistent Chrome profile. - Emphasizes secure access with random VNC password and session token. - Ideal for captcha handling and remote desktop tasks.
Metadata
Slug virtual-remote-desktop
Version 1.0.3
License
All-time Installs 7
Active Installs 7
Total Versions 4
Frequently Asked Questions

What is virtual-remote-desktop?

KasmVNC-based virtual desktop for headless Linux with AI-first automation and human handoff. Use when most steps are automated but a user must manually inter... It is an AI Agent Skill for Claude Code / OpenClaw, with 1447 downloads so far.

How do I install virtual-remote-desktop?

Run "/install virtual-remote-desktop" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is virtual-remote-desktop free?

Yes, virtual-remote-desktop is completely free (open-source). You can download, install and use it at no cost.

Which platforms does virtual-remote-desktop support?

virtual-remote-desktop is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created virtual-remote-desktop?

It is built and maintained by zhangxin15435 (@zhangxin15435); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments