by coasty-ai
The Open Framework for autonomous virtual computer agents at scale, fully open-source, safe, auditable, and production-ready.
# Add to your Claude Code skills
git clone https://github.com/coasty-ai/open-computer-useGuides for using ai agents skills like open-computer-use.
Last scanned: 5/26/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@azure/identity: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@azure/msal-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@openrouter/ai-sdk-provider: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ai: Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "file-type: file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "jsondiffpatch: jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next-intl: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "PASSED",
"scannedAt": "2026-05-26T07:46:40.119Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}open-computer-use is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by coasty-ai. The Open Framework for autonomous virtual computer agents at scale, fully open-source, safe, auditable, and production-ready. It has 365 GitHub stars.
Yes. open-computer-use passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/coasty-ai/open-computer-use" and add it to your Claude Code skills directory (see the Installation section above).
open-computer-use is primarily written in TypeScript. It is open-source under coasty-ai on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh open-computer-use against similar tools.
No comments yet. Be the first to share your thoughts!
AI agents that control computers like humans do.
Browser automation · Terminal access · Desktop control · Multi-agent orchestration
Open Computer Use is an open-source platform that gives AI agents real computer control. Unlike chatbots that only talk about tasks, agents here actually perform them — browsing the web, running commands, clicking through UIs, and orchestrating multi-step workflows in isolated containers.
Computer use capabilities similar to Anthropic's Claude Computer Use, but fully open-source and extensible.
Browser — Search-first web navigation, form filling, element interaction, multi-tab management, screenshot capture.
Terminal — Command execution, file operations, script running, package management, output streaming.
Desktop — Mouse & keyboard control, window management, screenshot analysis, UI element detection via computer vision.
Planner — Decomposes complex requests into subtasks, assigns to specialized agents, passes context between steps.
Frontend (Next.js 15) Backend (FastAPI) VM (Docker)
┌──────────────────┐ ┌─────────────────────────┐ ┌──────────────────┐
│ Chat UI │────▶│ Multi-Agent Executor │────▶│ Chrome Browser │
│ Model Selector │ SSE │ ├─ Planner Agent │ WS │ Terminal │
│ VM Management │◀────│ ├─ Browser Agent │◀────│ Desktop (XFCE) │
│ Zustand Stores │ │ ├─ Terminal Agent │ │ Agent Server │
└──────────────────┘ │ └─ Desktop Agent │ │ VNC :5900 │
│ WebSocket · DB · Billing│ └──────────────────┘
└─────────────────────────┘
Node.js 20+ · Python 3.10+ · Docker · Supabase account · AI provider API key
git clone https://github.com/coasty-ai/open-computer-use.git
cd open-computer-use
# Frontend
npm install
# Backend
cd backend
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
cd ..
cp .env.example .env
cp backend/.env.example backend/.env
Set these in both .env files:
# Supabase (required)
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE=your-service-role-key
# Security (required — generate with: openssl rand -hex 32)
ENCRYPTION_KEY=...
CSRF_SECRET=...
# AI provider (at least one)
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
# Google Search (required for web search)
GOOGLE_SEARCH_KEY=...
GOOGLE_SEARCH_CX=...
# Via Supabase CLI
npm install -g supabase
supabase login
supabase link --project-ref your-project-ref
supabase db push
# Or paste supabase/schema.sql into the Supabase SQL Editor
Docker (recommended):
docker-compose up --build
Manual:
# Terminal 1 — Frontend
npm run dev
# Terminal 2 — Backend
cd backend && python main.py
# Terminal 3 — AI Desktop VM (optional)
docker-compose -f docker-compose.ai-desktop.yml up --build
Open http://localhost:3000, sign in, start a chat, and give your agent a task.
| Layer | Technologies |
|---|---|
| Frontend | Next.js 15, React 19, TypeScript, Tailwind CSS, Radix UI, Zustand, Vercel AI SDK |
| Backend | FastAPI, Python 3.10+, WebSockets, asyncio, uvicorn |
| AI Providers | OpenAI, Anthropic, Google, Azure, xAI, Mistral, Perplexity, OpenRouter |
| Infrastructure | Docker, Ubuntu 22.04 + XFCE, Chrome, Selenium, Supabase, Stripe |
| Desktop App | Electron 40, Puppeteer-core, platform-native automation (Win32 / CoreGraphics / xdotool) |
A lightweight overlay that runs AI agent commands directly on your local machine instead of a remote VM.
cd electron
npm install
npm run dev # Development with hot reload
npm run package # Build for current platform
├── app/ # Next.js routes & pages
├── components/ # React components (UI, chat, prompts)
├── lib/ # Stores, providers, services, utilities
├── backend/
│ └── app/
│ ├── api/routes/ # FastAPI endpoints
│ ├── services/ # Multi-agent executor, VM control, billing
│ ├── providers/ # AI provider integrations
│ └── core/ # Config, middleware, logging
├── electron/
│ └── src/
│ ├── main/ # App lifecycle, IPC, automation modules
│ ├── preload/ # Context bridge API
│ └── renderer/ # React UI, stores, components
├── docker/ai-desktop/ # Ubuntu VM container
└── supabase/ # Database schema
git checkout -b feature/your-featureBug reports and feature requests welcome in Issues.
This platform gives AI agents significant autonomy. Use it to automate repetitive tasks, testing, research, and content creation — not to violate terms of service, spam, or scrape without permission. Always use isolated environments, respect robots.txt, and follow data protection laws.
Apache License 2.0 — Copyright (c) 2025 Open Computer Use Contributors