Security scan
OpenClaw
Security
medium confidence
Assessment and recommendations
This skill is coherent for GUI automation but requires you to install and run a third-party server that can fully control your desktop. Before using it: (1) verify the pip package and GitHub repo authorship and inspect the source code if possible; (2) run the server only when needed, in the foreground, bound to 127.0.0.1; (3) use a dedicated VM or isolated account on high-risk machines; (4) prefer reviewing requirements.txt and package metadata, and install inside a virtualenv; (5) avoid binding...
✓ Purpose and capabilities
The name/description (desktop/GUI automation) align with the SKILL.md: it instructs the user to run a local CUA server and shows curl commands to send mouse/keyboard/screenshot commands. Nothing requested by the skill (no credentials, no unrelated files) is inconsistent with desktop control.
ℹ Instruction scope
The runtime instructions are narrowly scoped to installing and running a local server and calling its API (screenshot, clicks, key presses). They do not ask the agent to read unrelated files or exfiltrate data. However, the instructions explicitly enable full desktop control and include examples for executing arbitrary commands via the server API, which is powerful and potentially risky if misused.
ℹ Installation mechanism
This is an instruction-only skill (no install spec in registry). The SKILL.md recommends pip installing 'cua-computer-sdk' or cloning a GitHub repo. Installing third-party packages via pip or running cloned source is common for this functionality but carries supply-chain risk — the registry metadata contains no homepage and the package/repo are not verified here.
✓ Credential requirements
The skill declares no environment variables, credentials, or config paths. The privileges requested (run as your user) are proportionate for a desktop-control tool; no unrelated secrets are requested.
✓ Persistence and permissions
always is false and the skill does not instruct persistent system-wide installation; it recommends running the server temporarily and binding to localhost. Autonomous model invocation is allowed by default (platform behavior) but the skill itself does not request force-inclusion or system-level changes.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.1 2026/3/11
● Suspicious
Install command
Official: npx clawhub@latest install gui-automation
Mirror (accelerated): npx clawhub@latest install gui-automation --registry https://cn.longxiaskill.com