← 返回 Skills 市场
virtual-remote-desktop
作者
zhangxin15435
· GitHub ↗
· v1.0.3
1447
总下载
2
收藏
7
当前安装
4
版本数
在 OpenClaw 中安装
/install virtual-remote-desktop
功能描述
KasmVNC-based virtual desktop for headless Linux with AI-first automation and human handoff. Use when most steps are automated but a user must manually inter...
安全使用建议
What to consider before installing:
- The code will attempt to download and install a KasmVNC .deb from GitHub and uses sudo/apt — only run on machines you control or in an isolated VM.
- The installer uses an embedded Python snippet that imports 'requests' but the script does not ensure the module exists; the install may fail unexpectedly.
- The install may add your user to the 'ssl-cert' group so the service can use TLS keys — this grants access to system TLS private key files and is a privilege change.
- The skill reads/writes browser profile and cookie files (CHROME_PROFILE_DIR/Default/Cookies) and stores runtime secrets under ~/.openclaw/vrd-data; if you keep real login profiles there you may expose session cookies to the remote desktop/human handoff.
- Metadata understates actual requirements (binaries/env vars). Expect to need vncserver/vncpasswd, python3, wget, curl, ss/sg, xdotool, scrot, sudo.
Recommendations: review scripts line-by-line, run initially in a disposable VM/container, verify the downloaded .deb URL before installing, do not point CHROME_PROFILE_DIR at sensitive live profiles, and ensure you trust the source. If you need help hardening the flow (e.g., avoid adding ssl-cert group, require manual review of downloaded asset), ask and I can suggest changes.
功能分析
Type: OpenClaw Skill
Name: virtual-remote-desktop
Version: 1.0.3
The skill provides a KasmVNC-based virtual desktop for AI automation, which inherently involves high-privilege operations like running a browser, interacting with a GUI (`xdotool`), and network exposure. While the `SKILL.md` and scripts do not show explicit malicious intent (e.g., data exfiltration, backdoors), the `start_vrd.sh` script allows binding the VNC server to `0.0.0.0` (`KASM_BIND=0.0.0.0`) for 'temporary public takeover', which is a significant security risk if not properly secured or if the `AUTO_STOP_IDLE_SECS` is bypassed. Additionally, the script's `chrome_sandbox_flags` function may launch Chrome with `--no-sandbox` under certain conditions, increasing the attack surface for browser exploits. These capabilities, while documented as part of the skill's functionality, represent substantial vulnerabilities that could be exploited by a compromised agent or environment, thus classifying it as suspicious rather than benign.
能力评估
Purpose & Capability
Name/description match the files: scripts implement installing and running KasmVNC, providing VNC actions (click/type/screenshot) and a guided start/stop workflow. However the registry metadata claims no required env vars/binaries while the scripts expect many binaries (vncserver, vncpasswd, python3, curl, ss, sg, wget, sudo, xdotool, scrot) and use many environment settings (KASM_BIND, CHROME_PROFILE_DIR, KASM_PASS, etc.). That mismatch between declared requirements and actual needs is inconsistent and surprising.
Instruction Scope
SKILL.md and scripts instruct the agent to install system packages, write runtime files to ~/.openclaw/vrd-data and to a chrome profile dir, create KasmVNC user/password files, and (optionally) auto-launch a browser using an existing profile/cookies. The scripts read/write local browser cookie/profile paths and runtime secrets (kasm user/password files), and will expose a VNC URL + username/password to the human for handoff. The instructions do not request external tokens, but they do access local sensitive data (browser profile, cookies) which is within scope for a remote-desktop tool but should be explicitly declared.
Install Mechanism
install_kasmvnc.sh fetches a release asset via the GitHub releases API and downloads the .deb using wget — GitHub releases is a reasonable source. However the embedded Python uses the 'requests' module (not installed/checked), so the installer can fail silently or produce empty ASSET_URL. The installer requires sudo and runs apt-get to install the downloaded package and runtime deps, which is a moderate-risk install mechanism and requires user privilege.
Credentials
The registry claims no required env vars/credentials, but scripts accept and use many environment variables controlling bind address, profile paths, passwords, and browser behavior. The installer and runtime may add the user to the 'ssl-cert' group (to access TLS key), which is a privileged change. The skill also reads/writes browser profile and cookie files (CHROME_PROFILE_DIR/Default/Cookies) — accessing these is sensitive and should be declared and limited. Overall requested/used environment access is broader than the metadata indicates.
Persistence & Privilege
always:false (good). The skill performs one-time install steps requiring sudo and may add the user to the ssl-cert group (permanent group membership change), and writes runtime files under ~/.openclaw/vrd-data and a KASM_HOME. It does not request to always be loaded or modify other skills. The use of sudo and group modification increases blast radius and should be considered before install.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install virtual-remote-desktop - 安装完成后,直接呼叫该 Skill 的名称或使用
/virtual-remote-desktop触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Version 1.0.3 of virtual-remote-desktop contains no code or documentation changes; this is a metadata-only update.
v1.0.2
**Major update: KasmVNC replaces noVNC, adds automation-focused features and mobile/desktop presets.**
- Migrated from x11vnc+noVNC to KasmVNC for better security, performance, and user experience.
- Added guided startup script for requirement-driven configuration (device type, rendering mode, access mode, network quality).
- Introduced a suite of computer-use style action scripts for AI automation (click, type, key, scroll, screenshot, etc.).
- Improved support for both desktop and mobile browser emulation and VNC stream options.
- Streamlined security practices: safer defaults, recommend local tunnel access, and better user/account separation.
- Updated documentation for new installation steps, usage flow (AI-human-AI handoff), and best practice presets.
v1.0.1
- Added detailed `read_when` and `metadata` sections to SKILL.md for improved discoverability and safety guidance.
- Documented external binary requirements and directories used for persistence and safety.
- Updated security notes to clarify that the access token is stored securely in `WORKDIR/access.token` with restrictive file permissions.
- No changes to scripts or code in this version.
v1.0.0
Initial release of virtual-remote-desktop.
- Provides a secure, token-gated noVNC virtual desktop for remote visual login and headless Linux operation.
- Supports start, stop, status, and health check scripts for easy management.
- Auto-launches a URL on startup and offers configurable idle timeout and persistent Chrome profile.
- Emphasizes secure access with random VNC password and session token.
- Ideal for captcha handling and remote desktop tasks.
元数据
常见问题
virtual-remote-desktop 是什么?
KasmVNC-based virtual desktop for headless Linux with AI-first automation and human handoff. Use when most steps are automated but a user must manually inter... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1447 次。
如何安装 virtual-remote-desktop?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install virtual-remote-desktop」即可一键安装,无需额外配置。
virtual-remote-desktop 是免费的吗?
是的,virtual-remote-desktop 完全免费(开源免费),可自由下载、安装和使用。
virtual-remote-desktop 支持哪些平台?
virtual-remote-desktop 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 virtual-remote-desktop?
由 zhangxin15435(@zhangxin15435)开发并维护,当前版本 v1.0.3。
推荐 Skills