SkillHub

clawdos

v2.1.1

Windows automation via Clawdos API: screen capture, mouse/keyboard input, window management, file-system operations, and shell command execution. Standalone CLI execution via Python script. Use when the user wants to control or inspect a Windows host remotely.

Sourced from ClawHub, Authored by danzig233

Installation

Please help me install the skill `clawdos` from SkillHub official store. npx skills add danzig233/clawdos

Clawdos

Overview

This skill exposes a CLI wrapper around the Clawdos REST API, allowing you to operate a Windows machine securely from OpenClaw via shell commands. Instead of loading tools, use exec to call the standalone python script scripts/clawdos.py.

⚠️ SECURITY & SANDBOX MECHANISM

File System Sandbox Protection: - All file system operations (fs_list, fs_read, fs_write, fs_delete, fs_move) are restricted to a sandboxed root directory on the Windows host. - The sandbox root is configured via the CLAWDOS_FS_ROOT_ID environment variable and enforced server-side. - The Clawdos service prevents access to files outside the designated sandbox directory. Path traversal attempts (e.g., ../../../) are blocked. - This isolation ensures that skill operations cannot accidentally or intentionally access sensitive system files, user documents, or configuration outside the permitted scope.

Network Isolation: - The Clawdos service only communicates with the configured CLAWDOS_BASE_URL and does not establish unauthorized external connections. - All API calls are authenticated via CLAWDOS_API_KEY and encrypted over HTTPS when applicable.

⚠️ AUTHORIZATION & CAPABILITY WARNINGS

This skill grants access to powerful Windows automation capabilities. Users must explicitly understand and authorize the following operations:

  1. Shell Command Execution (shell_exec)
  2. Can execute arbitrary PowerShell or cmd commands on the Windows host.
  3. Even within the sandbox, commands can potentially modify system state, install software, or alter configurations.

  4. Only use with trusted sources and explicit user approval.

  5. File Deletion (fs_delete)

  6. Permanently removes files and directories within the sandbox.
  7. No recovery mechanism exists once deleted.

  8. Exercise extreme caution; confirm deletion intent before execution.

  9. File Upload/Download (--file, --out)

  10. The CLI script can read local files and upload them to the Windows host (within sandbox).
  11. The script can download remote files from the Windows host to the agent system.

  12. Do not use with sensitive files or untrusted remote systems.

  13. Persistent Screen/Window Monitoring

  14. Visual actions (screen_capture, window_list, window_focus) can observe active GUI content.
  15. If sensitive information is visible on screen, it may be captured.

⚠️ Requirements

This skill requires a corresponding server running on your Windows host. Ensure the Windows host is running danzig233/clawdos. The connection parameters (CLAWDOS_BASE_URL and CLAWDOS_API_KEY) must be configured via OpenClaw's skill configuration UI or environment variables, as specified in this file's metadata.

Usage

You interact with Clawdos by running the scripts/clawdos.py CLI using the exec tool. The script will automatically pick up the CLAWDOS_BASE_URL and CLAWDOS_API_KEY environment variables injected by OpenClaw.

Basic Syntax:

python3 ~/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/clawdos/scripts/clawdos.py <action> --args '{"key":"value"}'

Available Actions

1. Visual Navigation & System Check

  • health: Check service status.
  • get_env: Get screen resolution, DPI scale, and active window.
  • window_list: List all open windows.
  • window_focus: Focus a window. Args: {"titleContains": "..."} or {"processName": "..."}
  • screen_capture: Take a screenshot. Use --out path/to/save.png to save binary. Args: {"format": "png", "quality": 80}

2. Precise Input (Mouse & Keyboard)

(Prioritize keyboard/shell when possible to avoid visual estimation errors) - click: Click the mouse. Args: {"x": 100, "y": 200, "button": "left"} - move: Move cursor. Args: {"x": 100, "y": 200} - drag: Drag mouse. Args: {"fromX": 100, "fromY": 200, "toX": 300, "toY": 400} - keys: Press key combos. Args: {"combo": ["ctrl", "c"]} - type_text: Type text. Args: {"text": "hello"} - scroll: Scroll wheel. Args: {"amount": -500} - batch: Execute multiple input actions sequentially. Args: {"actions": [...]}

3. File & System Operations

  • fs_list: List directory contents. Args: {"path": "/"}
  • fs_read: Read a file (prints raw contents to stdout). Use --out path/to/save.bin to save binary files. Args: {"path": "/hello.txt"}
  • fs_write: Write to a file. Args: {"path": "/hello.txt", "content": "hello world"}. Or use --file path/to/local.bin to upload a local binary file.
  • fs_mkdir: Create a directory. Args: {"path": "/newdir"}
  • fs_delete: Delete a file or directory. Args: {"path": "/newdir", "recursive": true}
  • fs_move: Move or rename. Args: {"from": "/src", "to": "/dst"}
  • shell_exec: Run a shell command on the Windows host. Args: {"command": "dir", "args": ["/w"], "workingDir": ""}

Operation Strategy

Operational Best Practices

  • Prefer Keyboard & Shell: To minimize errors from visual coordinate estimation, prioritize using keyboard shortcuts (key_combo, type_text) or shell commands (shell_exec) over mouse operations whenever possible.
  • Targeted Mouse Usage: Reserve precise mouse operations (mouse_click, mouse_move, mouse_drag) strictly for necessary UI interactions (e.g., clicking a specific button on a web page, navigating a software interface, or focusing an input field).
  • Scrolling: Using mouse_scroll is safe and recommended for navigating long pages or documents.

Security Best Practices

  • Verify File Paths: Always confirm the target path is within the intended sandbox directory. The server enforces isolation, but double-check paths in scripts.
  • Audit Shell Commands: Review shell_exec commands before execution. Avoid running commands from untrusted sources.
  • File Transfer Restrictions: Only upload/download files you trust. Do not use --file with sensitive credentials or system files.
  • Minimize Screen Captures: Avoid capturing screens if sensitive information (passwords, tokens, personal data) may be visible.
  • Explicit Deletion Confirmation: Review the target path carefully before executing fs_delete. Deleted files cannot be recovered.

Examples

Focus MS Edge and type:

python3 scripts/clawdos.py window_focus --args '{"processName": "msedge"}'
python3 scripts/clawdos.py type_text --args '{"text": "https://openclaw.ain"}'

Take a screenshot and save it locally:

python3 scripts/clawdos.py screen_capture --out /tmp/windows_screen.png --args '{"format":"png"}'

Read a file from Windows:

python3 scripts/clawdos.py fs_read --args '{"path": "logs/app.log"}'

Execute PowerShell on Windows:

python3 scripts/clawdos.py shell_exec --args '{"command": "powershell", "args": ["-Command", "Get-Process"]}'