If you discover a security vulnerability in agent-computer-use, please report it responsibly:
- Do not open a public GitHub issue
- Email the maintainers directly (see Cargo.toml for contact)
- Include steps to reproduce and potential impact
We will respond within 48 hours and issue a fix as soon as possible.
agent-computer-use requires Accessibility permissions to function. This is an OS-level security boundary — the user must explicitly grant access. agent-computer-use does not:
- Transmit data over the network
- Store credentials or sensitive data (refs cache contains only element names/roles)
- Execute arbitrary code from remote sources
- Bypass OS security boundaries
agent-computer-use uses the following OS permissions:
| Permission | Why | Platform |
|---|---|---|
| Accessibility | Read/write the accessibility tree, simulate input | macOS |
| AT-SPI2 | Read/write the accessibility tree | Linux |
| UI Automation | Read/write the accessibility tree, simulate input | Windows |