← 返回 Skills 市场
OpenClaw Desktop Control
作者
michealxie001
· GitHub ↗
· v1.0.0
· MIT-0
431
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install oc-desktop-control
功能描述
Remote desktop control and automation. Capture screenshots, control mouse and keyboard, automate UI interactions. Supports VNC, RDP, and local desktop enviro...
安全使用建议
This skill appears to be a desktop-automation tool, but there are red flags you should consider before installing:
- Mismatched claims: SKILL.md advertises VNC/RDP support and files (vnc_client.py, rdp_client.py) that are not present in the package. Treat those advertised network features as unimplemented until verified.
- Undeclared secrets: The docs recommend environment variables (DESKTOP_HOST, DESKTOP_PASSWORD) but the registry metadata doesn't declare or require them. Don't set credentials for this skill unless you confirm how/where they will be used and stored.
- Powerful local privileges: The skill can capture screenshots, read/write arbitrary files, and simulate keyboard/mouse input. These are expected for desktop control but also allow stealthy data capture or unintended command execution (e.g., typing into a terminal). Only run on machines where you trust the skill and its operator.
- Autonomous invocation risk: If you allow the agent to call this skill autonomously, it could take screenshots or manipulate the desktop without further prompts. If you need this functionality, restrict the skill to non-production, isolated environments and limit which agents/contexts can invoke it.
Recommendations:
- Review the full source (desktop_controller.py and scripts/main.py) to confirm implementations of file read/write and any networked clients before enabling.
- If you need remote VNC/RDP support, request the missing modules or a version that actually implements them.
- Do not provide real credentials or enable the skill on sensitive systems until you confirm where credentials are used and stored.
- Prefer running this in a sandbox/VM and monitor stdout/network traffic the first time it runs to detect unexpected exfiltration.
功能分析
Type: OpenClaw Skill
Name: oc-desktop-control
Version: 1.0.0
The skill provides extensive desktop automation capabilities, including full GUI control (mouse/keyboard) and arbitrary file read/write access via the `LocalDisplayController` class in `lib/desktop_controller.py`. While these features align with the stated purpose of 'Desktop Control,' the implementation lacks any path sanitization or safety constraints, allowing the agent to read or modify sensitive system files. Furthermore, the automation examples (e.g., `examples/create_file.txt`) demonstrate how the tool can be used to execute shell commands by typing into a terminal, effectively granting the agent shell access. Although no explicit evidence of malicious intent or data exfiltration was found, the broad, high-risk permissions make it a significant security concern.
能力评估
Purpose & Capability
The README and SKILL.md claim VNC/RDP support and list vnc_client.py/rdp_client.py/local_display.py in the architecture, but the repository manifest only contains lib/desktop_controller.py and no vnc/rdp client modules. SKILL.md also documents environment variables (DESKTOP_HOST, DESKTOP_PASSWORD, etc.) but the registry metadata lists no required env vars. These mismatches indicate the advertised capabilities are not fully implemented or the manifest is incomplete.
Instruction Scope
Runtime instructions and examples enable taking screenshots (including base64 output), reading/writing arbitrary desktop files, and simulating keyboard/mouse input. The integration example explicitly captures screenshots via subprocess and embeds them for 'AI analysis' (i.e., prints base64 to stdout). While consistent with desktop automation, these instructions allow capture and potential exfiltration of sensitive screen contents and files, and they reference environment variables not declared in the skill metadata.
Install Mechanism
No installer/remote download is used (instruction-only with included Python files). Dependencies are listed in requirements.txt and system package recommendations are standard (scrot, xdotool, cliclick). No high-risk remote install URLs were found.
Credentials
The SKILL.md suggests using DESKTOP_HOST, DESKTOP_PORT, DESKTOP_PASSWORD and DESKTOP_TYPE, but the skill metadata declares no required env vars. Requesting or recommending secrets without declaring them is a transparency issue. The skill can read and write arbitrary files on the host (file read/write commands), which is proportionate for a desktop-control tool but increases risk if the skill is enabled broadly or given autonomous access.
Persistence & Privilege
always:false (normal) and disable-model-invocation:false (normal), but because the skill can take screenshots, simulate input and read/write files, allowing autonomous invocation expands blast radius. There is no install-time persistence, but agent-side autonomous use should be restricted and reviewed before enabling on sensitive hosts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install oc-desktop-control - 安装完成后,直接呼叫该 Skill 的名称或使用
/oc-desktop-control触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Remote desktop automation: screenshot, mouse/keyboard control, application management, automation scripts. Based on Bytebot Computer Use pattern.
元数据
常见问题
OpenClaw Desktop Control 是什么?
Remote desktop control and automation. Capture screenshots, control mouse and keyboard, automate UI interactions. Supports VNC, RDP, and local desktop enviro... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 431 次。
如何安装 OpenClaw Desktop Control?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install oc-desktop-control」即可一键安装,无需额外配置。
OpenClaw Desktop Control 是免费的吗?
是的,OpenClaw Desktop Control 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Desktop Control 支持哪些平台?
OpenClaw Desktop Control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Desktop Control?
由 michealxie001(@michealxie001)开发并维护,当前版本 v1.0.0。
推荐 Skills