功能描述

Windows automation via Clawdos API: screen capture, mouse/keyboard input, window management, file-system operations, and shell command execution. Standalone...

使用说明 (SKILL.md)

Clawdos

Name: Windows Execution Interface for OpenClaw
Author: danzig233

Overview

This skill exposes a CLI wrapper around the Clawdos REST API, allowing you to operate a Windows machine securely from OpenClaw via shell commands. Instead of loading tools, use exec to call the standalone python script scripts/clawdos.py.

⚠️ SECURITY & SANDBOX MECHANISM

File System Sandbox Protection:

All file system operations (fs_list, fs_read, fs_write, fs_delete, fs_move) are restricted to a sandboxed root directory on the Windows host.
The sandbox root is configured via the CLAWDOS_FS_ROOT_ID environment variable and enforced server-side.
The Clawdos service prevents access to files outside the designated sandbox directory. Path traversal attempts (e.g., ../../../) are blocked.
This isolation ensures that skill operations cannot accidentally or intentionally access sensitive system files, user documents, or configuration outside the permitted scope.

Network Isolation:

The Clawdos service only communicates with the configured CLAWDOS_BASE_URL and does not establish unauthorized external connections.
All API calls are authenticated via CLAWDOS_API_KEY and encrypted over HTTPS when applicable.

⚠️ AUTHORIZATION & CAPABILITY WARNINGS

This skill grants access to powerful Windows automation capabilities. Users must explicitly understand and authorize the following operations:

Shell Command Execution (shell_exec)
- Can execute arbitrary PowerShell or cmd commands on the Windows host.
- Even within the sandbox, commands can potentially modify system state, install software, or alter configurations.
- Only use with trusted sources and explicit user approval.
File Deletion (fs_delete)
- Permanently removes files and directories within the sandbox.
- No recovery mechanism exists once deleted.
- Exercise extreme caution; confirm deletion intent before execution.
File Upload/Download (--file, --out)
- The CLI script can read local files and upload them to the Windows host (within sandbox).
- The script can download remote files from the Windows host to the agent system.
- Do not use with sensitive files or untrusted remote systems.
Persistent Screen/Window Monitoring
- Visual actions (screen_capture, window_list, window_focus) can observe active GUI content.
- If sensitive information is visible on screen, it may be captured.

⚠️ Requirements

This skill requires a corresponding server running on your Windows host. Ensure the Windows host is running danzig233/clawdos. The connection parameters (CLAWDOS_BASE_URL and CLAWDOS_API_KEY) must be configured via OpenClaw's skill configuration UI or environment variables, as specified in this file's metadata.

Usage

You interact with Clawdos by running the scripts/clawdos.py CLI using the exec tool. The script will automatically pick up the CLAWDOS_BASE_URL and CLAWDOS_API_KEY environment variables injected by OpenClaw.

Basic Syntax:

python3 ~/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/clawdos/scripts/clawdos.py \x3Caction> --args '{"key":"value"}'

Available Actions

1. Visual Navigation & System Check

health: Check service status.
get_env: Get screen resolution, DPI scale, and active window.
window_list: List all open windows.
window_focus: Focus a window. Args: {"titleContains": "..."} or {"processName": "..."}
screen_capture: Take a screenshot. Use --out path/to/save.png to save binary. Args: {"format": "png", "quality": 80}

2. Precise Input (Mouse & Keyboard)

(Prioritize keyboard/shell when possible to avoid visual estimation errors)

click: Click the mouse. Args: {"x": 100, "y": 200, "button": "left"}
move: Move cursor. Args: {"x": 100, "y": 200}
drag: Drag mouse. Args: {"fromX": 100, "fromY": 200, "toX": 300, "toY": 400}
keys: Press key combos. Args: {"combo": ["ctrl", "c"]}
type_text: Type text. Args: {"text": "hello"}
scroll: Scroll wheel. Args: {"amount": -500}
batch: Execute multiple input actions sequentially. Args: {"actions": [...]}

3. File & System Operations

fs_list: List directory contents. Args: {"path": "/"}
fs_read: Read a file (prints raw contents to stdout). Use --out path/to/save.bin to save binary files. Args: {"path": "/hello.txt"}
fs_write: Write to a file. Args: {"path": "/hello.txt", "content": "hello world"}. Or use --file path/to/local.bin to upload a local binary file.
fs_mkdir: Create a directory. Args: {"path": "/newdir"}
fs_delete: Delete a file or directory. Args: {"path": "/newdir", "recursive": true}
fs_move: Move or rename. Args: {"from": "/src", "to": "/dst"}
shell_exec: Run a shell command on the Windows host. Args: {"command": "dir", "args": ["/w"], "workingDir": ""}

Operation Strategy

Operational Best Practices

Prefer Keyboard & Shell: To minimize errors from visual coordinate estimation, prioritize using keyboard shortcuts (key_combo, type_text) or shell commands (shell_exec) over mouse operations whenever possible.
Targeted Mouse Usage: Reserve precise mouse operations (mouse_click, mouse_move, mouse_drag) strictly for necessary UI interactions (e.g., clicking a specific button on a web page, navigating a software interface, or focusing an input field).
Scrolling: Using mouse_scroll is safe and recommended for navigating long pages or documents.

Security Best Practices

Verify File Paths: Always confirm the target path is within the intended sandbox directory. The server enforces isolation, but double-check paths in scripts.
Audit Shell Commands: Review shell_exec commands before execution. Avoid running commands from untrusted sources.
File Transfer Restrictions: Only upload/download files you trust. Do not use --file with sensitive credentials or system files.
Minimize Screen Captures: Avoid capturing screens if sensitive information (passwords, tokens, personal data) may be visible.
Explicit Deletion Confirmation: Review the target path carefully before executing fs_delete. Deleted files cannot be recovered.

Examples

Focus MS Edge and type:

python3 scripts/clawdos.py window_focus --args '{"processName": "msedge"}'
python3 scripts/clawdos.py type_text --args '{"text": "https://openclaw.ai\
"}'

Take a screenshot and save it locally:

python3 scripts/clawdos.py screen_capture --out /tmp/windows_screen.png --args '{"format":"png"}'

Read a file from Windows:

python3 scripts/clawdos.py fs_read --args '{"path": "logs/app.log"}'

Execute PowerShell on Windows:

python3 scripts/clawdos.py shell_exec --args '{"command": "powershell", "args": ["-Command", "Get-Process"]}'

安全使用建议

This skill is internally consistent: it is a CLI wrapper for a Clawdos REST service and legitimately needs the base URL and API key. However, it provides powerful remote-control capabilities (including remote arbitrary shell execution and file transfer). Before installing/using: only configure it with an API key for a Windows host you fully trust; confirm the Clawdos server enforces the sandbox (FS_ROOT_ID) server-side; avoid using --file to upload sensitive local files unless necessary; restrict network access (use HTTPS and a narrow base_url) and rotate the API key if it is ever exposed. If you enable autonomous invocation for the agent, be aware that an attacker who obtains the API key or compromises the skill metadata could perform high-impact actions on the Windows host.

功能分析

Type: OpenClaw Skill Name: clawdos Version: 2.1.1 The 'clawdos' skill provides a CLI wrapper for a remote Windows automation API, granting high-risk capabilities including arbitrary shell command execution (shell_exec), full file system access (read/write/delete), and screen monitoring. While these functions are documented as the skill's intended purpose and include mentions of a server-side sandbox, the inherent risk of remote code execution and data manipulation on the target Windows host via scripts/clawdos.py warrants a suspicious classification.

能力评估

✓ Purpose & Capability

Name/description (Windows automation via Clawdos) match the requested items: CLAWDOS_BASE_URL, CLAWDOS_API_KEY, CLAWDOS_TIMEOUT, and CLAWDOS_FS_ROOT_ID. The included Python CLI calls the configured REST endpoints (screens, input, fs, shell_exec) and therefore legitimately needs a base URL and API key. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md instructs the agent to run the included scripts/clawdos.py and documents file upload (--file) and download (--out) behaviors. The instructions do not attempt to read unrelated system files or other environment variables, but they do permit the agent (when invoked with the corresponding flags) to read local files for upload and to write downloaded data to the agent filesystem — behavior that is expected for file-transfer operations but must be used with care. The skill also exposes remote shell_exec (arbitrary commands on the Windows host); this is documented but is a high-impact capability.

✓ Install Mechanism

No network install or third-party download is specified (instruction-only with an included Python script). The only declared dependency is requests; nothing is fetched from arbitrary URLs or extracted to disk at install time. Risk from install mechanism is low.

✓ Credentials

The four required environment variables correspond directly to the skill's function: base URL, API key, request timeout, and sandbox root ID. The declared primary credential is CLAWDOS_API_KEY, which is appropriate. No unrelated secrets or multiple unrelated credentials are requested.

ℹ Persistence & Privilege

always is false and the skill is user-invocable with normal autonomous invocation allowed. That is the platform default and acceptable here, but note the combination of autonomous invocation + ability to call shell_exec and to read local files (when passed --file) increases blast radius if the API key or server are untrusted — consider this when granting the API key and enabling autonomous use.

版本历史

v2.1.1

Added comprehensive security warnings and sandbox documentation

v2.1.0

Standardize Python integration and fix encapsulation

v2.0.1

Updated and improved tool encapsulation for better coordinate scaling and error handling.

v2.0.0

Version 2.0.0 release

v1.7.1

Latest updates

v1.7.0

Updated SKILL.md docs

v1.0.2

Updated SKILL.md documentation

v1.0.1

Added dependency link to SKILL.md for clarity.

v1.0.0

Initial release. Requires the Windows host side: https://github.com/danzig233/clawdos.git

元数据

Slug clawdos

版本 2.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 9

常见问题

Windows Execution Interface for OpenClaw 是什么？

Windows automation via Clawdos API: screen capture, mouse/keyboard input, window management, file-system operations, and shell command execution. Standalone... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 407 次。

如何安装 Windows Execution Interface for OpenClaw？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawdos」即可一键安装，无需额外配置。

Windows Execution Interface for OpenClaw 是免费的吗？

是的，Windows Execution Interface for OpenClaw 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Windows Execution Interface for OpenClaw 支持哪些平台？

Windows Execution Interface for OpenClaw 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Windows Execution Interface for OpenClaw？

由 danzig233（@danzig233）开发并维护，当前版本 v2.1.1。

Windows Execution Interface for OpenClaw