clawdcursor

No direct malware indicators (e.g., credential theft, network exfiltration, persistence, backdoors, reverse shells) are evident in this snippet. The dominant security/supply-chain risk is the execution of external OCR helpers—especially PowerShell with '-ExecutionPolicy Bypass' on Windows—plus the privacy impact of writing captured screen imagery to a temporary file before OCR. Since the actual OCR_SCRIPT/MAC_OCR_SCRIPT/LINUX_OCR_SCRIPT contents are not included here, the likelihood of compromise cannot be fully assessed; this module should be reviewed together with the bundled OCR scripts and their dependencies.

This module is not overtly malicious in the code shown (no obfuscation, eval/dynamic execution, persistence, credential handling, or network exfiltration). However, it is a powerful local automation router: if untrusted input reaches `route()`, it can launch applications, open a default browser to an attacker-chosen URL (with minimal safety validation here), and type attacker-controlled strings into system search/Spotlight UI. Security risk is therefore driven by trust boundaries, alias configuration, and the PlatformAdapter’s enforcement/allowlisting rather than by direct malware behaviors in this file.

This fragment is a local in-memory workspace/state tracker that ingests clipboard text, window/process metadata, and browser URL/tab metadata, then computes a lightweight fingerprint to detect changes and stalls. There is no evidence of malicious execution or direct exfiltration in this module itself. However, the ability to capture and retain full clipboard contents and to track window/tab URLs is a sensitive capability that materially increases privacy/security impact when combined with other package components (e.g., persistence or transmission). Overall: low direct malware likelihood here, but moderate privacy/security risk due to clipboard + browsing/window context collection.

No clear, direct malware payload (no exfiltration, backdoor, or persistence) is evident in the provided fragment. However, the code has high-privilege behavioral capabilities: it executes PowerShell commands (dynamic -Command), launches external processes, can enable browser CDP/remote debugging, and writes arbitrary text to the system clipboard and pastes it. If any of the command-driving inputs (url/text/descriptor/task/appName) can be influenced by an attacker without strict allowlisting/validation, this could be leveraged for unauthorized user actions or abuse. Overall risk is moderate and should be reviewed for input control and allowlisting boundaries.

No explicit malware payload (network exfiltration, command execution, or obfuscated code) is visible in this fragment. However, it implements highly privacy-sensitive agent capabilities—OS clipboard read/write and screenshot capture—with direct propagation of clipboard text and screenshots into tool outputs. This represents a meaningful security and privacy risk and should be tightly permissioned, audited, and monitored in any supply-chain/agent context, especially regarding who can invoke these tools and where outputs are transmitted.

No clear signs of traditional malware (no network/exfiltration, no eval/dynamic execution, no credential theft) are present in this module alone. However, it implements and persists a powerful desktop automation mechanism that can replay arbitrary mouse/keyboard/scroll actions and inject arbitrary text via clipboard+paste. Because skills are loaded from a local JSON file with only light validation, the main supply-chain/security risk is abuse or tampering of skills.json (or upstream manipulation of recorded/promoted steps), which could lead to unintended UI interactions and clipboard-based text injection into the user’s active context.

The provided fragment does not show clear indicators of intentional malware (no obvious backdoor, reverse shell, obfuscated execution, or hardcoded malicious network destinations). Its primary security-relevant characteristics are (1) credential-in-use: resolved API keys are attached to Authorization headers for outbound calls to configuration-defined provider baseUrls, and (2) persistent filesystem modification: it creates symlinks/junctions/copies in user HOME directories for a “skills” feature, and (3) configuration persistence to disk. The main risk is therefore configuration integrity and credential exposure to misdirected endpoints, plus the broader impact of filesystem modifications. Review the surrounding modules that define CONFIG_FILE, PROVIDERS/resolveApiConfig, and any use of scanResults to ensure API keys are not written to disk and that baseUrl/provider selection cannot be attacker-controlled.

No direct malicious payload is visible because this fragment is only a tool/interface schema without implementation. However, it declares a high-impact automation capability set: screen/OCR and clipboard reading, OS/UI control (mouse/keyboard and form interactions), clipboard writing, and—most importantly—arbitrary JavaScript execution in browser context via CDP, with additional support for enabling/attaching remote debugging for WebView/Electron. This combination can be benign for automation/testing, but it is also consistent with techniques used for privacy/credential theft and workflow manipulation if safeguards are weak. Review the actual implementations for strict permissioning, consent boundaries, sandboxing/allowlisting for cdp_evaluate, and constraints on delegate_to_agent.

This module orchestrates macOS native capabilities (screen capture, accessibility tree traversal, and UI interaction) via a helper process or a localhost host app using a token. There is no clear evidence of external exfiltration or backdoor networking in the JS fragment, and spawn usage appears to avoid shell injection. However, the functionality is high-impact (spyware/remote-automation-like) and token generation is weak (Math.random) with a local token stored on disk. A definitive malware determination requires inspection of the native binaries/host endpoints.

This module is not overtly malicious in itself (no eval, no OS command execution, no direct network exfiltration in the fragment). However, it performs high-sensitivity screen scraping by combining OCR text with accessibility tree/element metadata and window/process identifiers, then packages the results into a prompt-like payload (with potential prompt-injection surface due to lack of escaping) and provides a deterministic fingerprint for correlation. The security risk is primarily privacy/data-handling and downstream misuse rather than explicit malware behavior within this file.

This module appears to be a legitimate Linux desktop automation/accessibility adapter, but it contains multiple high-impact capabilities (screen capture, clipboard read/write, UI tree inspection, and full mouse/keyboard/window control). While there is no direct evidence of covert exfiltration, backdoors, or obfuscated malware in this snippet, the combination of primitives is commonly leveraged in malicious tooling. Treat as security-sensitive: review how the library is used, ensure strong caller authorization, and verify the integrity of the bundled atspi-bridge.py script.

No direct evidence of intrinsic malware in this module (no obfuscation or explicit host compromise logic). However, it is a high-risk orchestration component: it captures sensitive screen/accessibility content (and optionally screenshots), base64-encodes images, and sends the resulting prompts to an external LLM endpoint along with an API key. It also executes host-impacting tool actions based on LLM-supplied arguments, gated by a safety layer whose robustness is external to this file. Overall risk is moderate because the main concern is privacy/data exfiltration and tool-driven capability, not overt malicious code in the fragment.

No direct evidence of explicit malware (e.g., network exfiltration, eval-based execution, or hardcoded secrets) is present in this fragment. The primary concern is capability exposure: the module can read OS clipboard contents and write arbitrary text into the clipboard, and it can drive desktop UI via focus + simulated keystrokes. If these handlers are reachable by untrusted callers or if handler outputs are forwarded externally, they could enable sensitive data theft and/or social-engineering workflows. Review and enforce strict authorization around clipboard access and UI automation; assess what happens to returned data downstream.

No direct evidence of malware exists in this JavaScript wrapper itself (no in-module obfuscation, credential theft, persistence, or network exfiltration). The primary security concern is that it launches powershell.exe with '-ExecutionPolicy Bypass' and forwards unvalidated, caller-controlled JSON command objects to an external bridge script over stdin—an inherently high-impact capability boundary. The true malware/abuse likelihood depends on the behavior and validation in scripts/ps-bridge.ps1 and the command protocol (especially whether it permits arbitrary PowerShell execution or sensitive operations).

This module provides macOS UI automation and accessibility/screen/clipboard capabilities (screenshots, clipboard read/write, keystrokes, window control). While there is no explicit network exfiltration or overt malware behavior in the fragment, the dynamic construction/execution of AppleScript commands using partially-sanitized, caller-controlled inputs (e.g., processName/title/targetClause) could allow AppleScript injection or unintended targeting if the inputs are attacker-controlled. Overall, the security risk is moderate due to high-impact actions (screen/clipboard capture) combined with command-string execution patterns.

No direct in-module malware indicators are visible (no obfuscation, no secrets, no network/file/process activity). However, the module defines and returns highly sensitive primitives: base64-encoded screen/region capture, arbitrary mouse/keyboard injection based on untrusted inputs, and clipboard-based typing into the active window. Security hinges on strict authorization and isolation of who can invoke these tools and where outputs (screenshots/text) can flow. Without strong upstream controls, this is a significant security risk for misuse rather than demonstrated malicious logic.

This Swift module implements a loopback-only, token-authenticated local RPC server. Its critical security feature is that POST /rpc forwards untrusted request bodies directly to a bundled helper executable via stdin, launched through Process(), and returns helper output/stderr over the network. While there is no direct evidence of overt malware in this file, the subprocess execution bridge plus plaintext token-in-home-directory make it a meaningful supply-chain/security risk that must be validated by inspecting the bundled helper binaries and securing token file permissions.

No clear evidence of embedded malware (no obfuscation, no eval/dynamic execution, no explicit exfiltration or persistence) in the provided fragment. However, it implements highly privileged desktop automation primitives—keystroke/mouse injection, window manipulation, accessibility focusing/waiting, and launching/opening arbitrary caller-specified files/URLs—which creates a substantial capability-abuse risk if an attacker can reach these handlers. Additional hardening is recommended, especially around open_file path validation and numeric-range validation for drag coordinates, plus strict permissioning/auditing at the integration layer.

This code is a high-capability LLM-driven desktop automation component that reads screenshots and (optionally) clipboard data, then sends them to an external chat/vision API with a Bearer token, and can execute arbitrary mouse/keyboard actions including typing arbitrary text. There is no direct evidence of malware/backdoor in the shown fragment, but the presence of clipboard/screenshot exfiltration and host control sinks makes it a notable security risk if safety controls or configuration/provider trust are compromised.

The fragment does not show classic malware behaviors (no credential theft, persistence, or remote exfiltration). However, it implements sensitive local orchestration: it can close an app and relaunch it with Chrome DevTools Protocol enabled (and uses PowerShell/Start-Process on Windows), then probes a localhost CDP endpoint. This is a legitimate debugging/automation capability, but it can be abused if appName/port are not strictly allowlisted and if the invoker’s authorization is not tightly controlled. Overall: moderate security risk focused on misuse/abuse potential rather than confirmed malicious intent.

No definitive malware/backdoor is present in the shown fragment (no explicit C2, shell persistence, or destructive file/process operations beyond window management). However, the code is a powerful desktop/AI automation agent: it reads the clipboard, captures screenshots, sends UI context to LLM/computer-use services, and uses OS scripting plus direct keyboard typing/navigation to control applications. These behaviors create meaningful supply-chain/security risk if an attacker can influence tasks, LLM outputs, config, or telemetry/logging destinations. Recommend strict permissioning, redaction, secure logging, and hardening around LLM JSON parsing and URL/app handling.

This module is a Windows UI-automation/screen/clipboard capable adapter. While it may be intended for accessibility/testing, it contains multiple high-impact actions (full/region screenshots, clipboard read/write, window manipulation via PowerShell, and element invocation/clicking). This pattern is commonly seen in automation tools and, when misused, in spyware. The fragment does not show overt network exfiltration or persistence, so malware likelihood is moderate rather than high, but supply-chain/misuse risk is significant. Malware score is driven by capability, not confirmed malicious intent.

The package.json itself does not contain clear malicious constructs like remote/http installs or non-registry dependency redirects, so supply-chain redirection risks are low. However, it executes local install/setup scripts and includes native build hooks and runtime dependencies that grant powerful desktop control. These are legitimate for a tool that automates a desktop, but they also present elevated security risks (input control, data exfiltration, system modification) if the package or its local scripts are malicious. Review the contents of scripts/verify-install.js, native/build.sh, and the package's runtime code (dist/index.js and any files it loads) before installing in sensitive environments.

This code provides powerful desktop surveillance/interaction capabilities: capturing the screen (including regions) and injecting mouse/keyboard events, including macOS keystroke automation via dynamically generated AppleScript executed with child_process. While there is no explicit network exfiltration shown, the presence of OS-level control + screen capture, and dynamic osascript construction from user-provided text/key combos, makes this module a high-risk candidate for misuse and should be reviewed carefully (especially for AppleScript injection hardening and for access control around who can invoke these methods).

SUSPICIOUS. The core capabilities broadly match a desktop automation skill, but the footprint is inherently high risk: unpinned curl|bash installation, full GUI control, autonomous real-world actions, and screenshot/text forwarding to an external AI provider. The skill is not clearly malware, yet its install trust and action scope make it dangerous enough to treat as high-risk agent tooling.

High-risk remote-control/spyware-like capability module: it exposes a JSON-RPC command loop over stdin without authentication, enabling an external controller to inspect other processes’ accessibility UI trees and window metadata, synthesize mouse/keyboard input, open apps, and capture the full screen (returning base64 image data) back to the caller via stdout. While there is no visible obfuscation or dynamic code execution in this fragment, the privileged behavior and in-band sensitive-data return make it a significant security alert for supply-chain usage.