← 返回 Skills 市场
qqshi13

WinControl

作者 QQSHI13 · GitHub ↗ · v1.5.0 · MIT-0
cross-platform ⚠ suspicious
142
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install wincontrol
功能描述
Provides an HTTP API on Windows to capture on-demand screenshots and remotely control mouse and keyboard actions via POST requests on port 8767.
安全使用建议
What to consider before installing/running WinControl: - Function & risk: This skill runs a local HTTP server (port 8767) that can take screenshots and fully control your mouse and keyboard. That capability is powerful and dangerous if the API is reachable by untrusted code or remote hosts. - Authentication: There is no built-in authentication or access control. Only run this if you understand and control the machine and network (or add your own authentication/restrict binding to localhost and firewall rules). - Provenance concerns: Packaging metadata is inconsistent (multiple different versions and licenses in skill.json, _meta.json, and changelog). The registry entry listed no homepage/source but skill.json references a GitHub URL — that mismatch reduces trust. Prefer skills with clear, consistent provenance and a verified upstream repository. - How to reduce risk: Run in a sandbox or disposable VM, restrict network access (block external access to port 8767), bind the server explicitly to localhost only, add an authentication layer (reverse proxy with basic auth or token), and review the full server.py source yourself. If you must run on your workstation, avoid running when remote access or port forwarding is possible. - Testing: Inspect server.py for any network calls or unexpected file access (we saw only local file operations and Win32 API calls). Start the server in an isolated environment first and watch for unexpected behavior. - When not to install: Do not run this on a production machine, multi-user server, or any machine exposed to untrusted networks without adding strong access controls. If you want, I can (a) list the exact lines in server.py that implement the HTTP handlers and cleanup so you can audit them, or (b) suggest a minimal wrapper that binds to 127.0.0.1 and requires a bearer token to reduce risk.
能力评估
Purpose & Capability
The name/description align with the included code: server.py implements screenshot capture and mouse/keyboard control and SKILL.md documents how to run it. Required runtime packages (pywin32, pillow, mss) are appropriate for the functionality. Small inconsistencies in packaging metadata exist (registry lists v1.5.0, _meta.json shows v1.4.1, skill.json shows v1.1.0 and a different license/homepage) which reduce trust in provenance but do not contradict the stated purpose.
Instruction Scope
SKILL.md instructs the user to run a long‑running HTTP server on port 8767 that accepts POSTs to perform desktop actions and to write screenshot.jpg into the skill folder. The instructions do not request unrelated files or credentials, but they create an unauthenticated local API that can perform privileged actions (mouse/keyboard, screenshots). An unauthenticated local HTTP control surface is a significant security exposure if the port becomes reachable from other hosts or if other processes or misconfigurations forward the port. The instructions also recommend running from WSL/PowerShell and include start/stop scripts that operate on local files; no direct external exfiltration endpoints are present in the provided code.
Install Mechanism
This is instruction-only (no package installer). Dependencies are standard PyPI packages (pywin32, pillow, mss) installed via pip per SKILL.md — expected for this functionality. No downloads from untrusted URLs, no archive extraction, and the included start/stop scripts are simple wrappers.
Credentials
The skill requests no environment variables, no credentials, and does not reference external config paths beyond its own skill folder and /tmp for WSL. That is proportionate to its purpose. The lack of authentication is a design choice (not an environment/credential mismatch) but increases operational risk.
Persistence & Privilege
The skill is not flagged always:true and does not modify other skills. It writes a screenshot file into its own directory and cleans it up on exit — behavior described in SKILL.md and implemented in server.py. Note that the platform default allows the agent to invoke skills autonomously; combined with this skill's control surface, that increases blast radius if the agent or other skills are compromised.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wincontrol
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wincontrol 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.0
Added POST /move endpoint for cursor movement without clicking
v1.4.2
Single screenshot.jpg in skill folder, overwritten each capture, removed frames folder logic
v1.4.1
Reverted to MIT-0 license per ClawHub policy requiring all skills to be MIT-0
v1.4.0
Screenshots saved to skill folder, simplified capture response, removed GET /frames, fixed license to GPL-3.0
v1.3.0
Native Windows support (no WSL required), auto-cleanup on shutdown, better error handling, new GET /frames endpoint
v1.2.0
Unified keyboard API: merged /type, /key, /combo into single /enter endpoint
v1.1.0
Simplified API: removed /screen and /frames, added screen dimensions to /capture response
v1.0.0
Initial release of WinControl: remote control and screen capture for Windows via HTTP API. - Capture Windows desktop screenshots on-demand with a POST request; images saved to WSL `/tmp`. - Control mouse and keyboard remotely over HTTP endpoints on port 8767 (click, drag, scroll, type, key, combo). - Simple API: `/capture`, `/click`, `/drag`, `/scroll`, `/type`, `/key`, `/combo`, with JSON payloads. - Integrates with WSL for easy bi-directional access; includes start/stop scripts for WSL usage. - No authentication; server binds to localhost only for safety. - Includes troubleshooting, usage guides, Python client example, and OpenClaw integration notes.
元数据
Slug wincontrol
版本 1.5.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

WinControl 是什么?

Provides an HTTP API on Windows to capture on-demand screenshots and remotely control mouse and keyboard actions via POST requests on port 8767. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 142 次。

如何安装 WinControl?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wincontrol」即可一键安装,无需额外配置。

WinControl 是免费的吗?

是的,WinControl 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

WinControl 支持哪些平台?

WinControl 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 WinControl?

由 QQSHI13(@qqshi13)开发并维护,当前版本 v1.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论