Xdotool Control

Mouse and keyboard automation using xdotool. Use when clicking Chrome extension icons, typing into GUI apps, switching browser tabs, automating desktop UI, o...

This skill appears to be what it claims — a local Linux desktop automation helper using xdotool — but it gives the agent the ability to move the mouse, send keystrokes, and take screenshots. Before installing or enabling it, consider: 1) Only install if you trust the skill owner and you need local GUI automation. 2) Review the included scripts (they are bundled and readable) and do not run them as root. 3) Be cautious about using the skill together with any model-image-reading tool: screenshots saved to /tmp may contain passwords, auth cookies, or other sensitive UI state and may be transmitted to the model service when you use the 'Read' tool. 4) Note the tmux approve snippet — it can programmatically send confirmations into sessions (e.g., 'Yes' to a claude-session); ensure that's acceptable in your environment. 5) Because SKILL.md references an absolute path (~/.openclaw/workspace/skills/xdotool-control/...), confirm where your platform will place scripts so the sample invocations work. If you want additional assurance, run the scripts in a sandboxed user account or VM first, and avoid enabling autonomous invocation if you don't want the agent to trigger GUI actions without explicit user requests.

Type: OpenClaw Skill Name: xdotool-control Version: 1.0.0 The OpenClaw AgentSkills bundle provides powerful desktop automation capabilities using xdotool and scrot, which are inherently high-risk. While the SKILL.md instructions do not contain explicit malicious prompt injection, several shell scripts (`scripts/browser_action.sh`, `scripts/find_and_click.sh`, `scripts/snap_verify_click.sh`, `scripts/type_in_window.sh`) are vulnerable to shell injection. User-controlled arguments like `ACTION` in `browser_action.sh` or `WINDOW_NAME` in the other scripts are directly interpolated into shell commands without sanitization, allowing for arbitrary command execution if an attacker can control these inputs. This constitutes a critical vulnerability, classifying the skill as suspicious rather than malicious, as there's no evidence of intentional harmful behavior by the skill's author.