一键在 Manus 中运行任何 Skill

$pwd:

cua-localhost

Name: Cua Localhost
Author: code-yeongyu

// Drive the user's host machine directly through Cua, with no sandbox. Maps to Cua's Localhost API. Higher risk - the agent can click, type, and run shell commands on the real desktop. Use only when the user explicitly opts in and read the safety section first. Triggers - "control my computer", "click here", "use my real Chrome", "no sandbox", "내 컴퓨터 자동화".

在 Manus 中运行

$ git log --oneline --stat

stars:2

forks:2

updated:2026年5月13日 11:25

SKILL.md

readonly

name	cua-localhost
description	Drive the user's host machine directly through Cua, with no sandbox. Maps to Cua's Localhost API. Higher risk - the agent can click, type, and run shell commands on the real desktop. Use only when the user explicitly opts in and read the safety section first. Triggers - "control my computer", "click here", "use my real Chrome", "no sandbox", "내 컴퓨터 자동화".

Localhost (unsandboxed)

When mode: "localhost" is set in .pi/cua.jsonc, Cua connects to your host machine directly. There is no sandbox: every click, keystroke, scroll, and shell command happens on the real OS.

Activation

// .pi/cua.jsonc
{
  "mode": "localhost",
  "localhost": {
    "confirmDestructive": true
  }
}

Tools that work in this mode

cua_screenshot, cua_click, cua_type, cua_key, cua_scroll - all without a sandbox argument. For host shell execution use Pi's built-in bash tool. ComputerAgent-style autonomous delegation is no longer shipped here - the main pi agent loop drives the cua surface directly, and bash-level cua do task ... invocations are documented in the global cua-skill for callers that explicitly want sub-agent delegation.

cua_sandbox_start, cua_sandbox_stop, cua_sandbox_list are disabled.

Required permissions

macOS

Accessibility - System Settings > Privacy & Security > Accessibility

add your terminal / Pi binary
Screen Recording - same panel, Screen Recording
Automation - approve when prompted, or add manually for the apps you want to drive

Linux

X11 desktop (Wayland is NOT supported by Cua's localhost mode)
cua-auto controls input through pynput and captures screenshots through its Python screen backend

Windows

Localhost mode is best-effort on Windows; prefer local QEMU VM instead.

Safety guardrails

Confirm destructive shell. With confirmDestructive: true (default) the extension prompts before running shell commands containing patterns like rm -rf, dd, or curl ... | sh.
Never type secrets. Do not paste API keys or passwords; the model can see what you type.
Prefer sandbox mode for anything that opens unknown URLs or runs untrusted code.
Stop immediately if a screenshot shows unexpected content - the agent may have been redirected.

When to choose localhost

Driving your real browser/IDE because the workflow needs your real cookies/sessions.
Cross-window automation that does not fit in a sandbox.
Lightweight scripting where spinning up a VM is overkill.

For anything else, prefer local sandbox mode.

related-skills.json

同仓库

cua-control.md

from "code-yeongyu/pi-cua-integration"

Mouse, keyboard, and scroll primitives for cua_click / cua_type / cua_key / cua_scroll. Reference for action shapes, modifier keys, key chord syntax, and screenshot-driven targeting workflows.

2026-05-132

cua-overview.md

from "code-yeongyu/pi-cua-integration"

pi-cua-integration is a Pi/Senpi extension that bridges Cua (trycua/cua) for computer-use sandboxes and host control. MUST USE when the user asks to drive a desktop UI, take screenshots, run a "computer use" task, control a sandbox, or invoke any cua_* tool. Triggers - "cua", "computer use", "sandbox", "screenshot the desktop", "click the screen", "take over the browser", "샌드박스 켜줘", "스크린샷 찍어", "내 컴퓨터에서 자동화".

2026-05-132

cua-cloud-sandbox.md

from "code-yeongyu/pi-cua-integration"

Use Cua's cloud sandboxes via cua.ai. Requires CUA_API_KEY. Cloud sandboxes are isolated VMs run by trycua with billing per usage. Use when the user wants no local Docker/QEMU, wants Windows/macOS guests without Apple Silicon, or explicitly asks for cloud.

2026-05-132

cua-local-sandbox.md

from "code-yeongyu/pi-cua-integration"

Run Cua sandboxes locally - no API key required. Covers Docker (XFCE/Kasm) for Linux containers, QEMU for full VMs, Lume for macOS guests on Apple Silicon, and Tart for Apple VZ VMs. Use when the user wants a local sandbox, wants to keep things off the cloud, or asks "spin up an Ubuntu desktop", "open a sandbox VM", "let me try this safely first".

2026-05-132

package.json

"author": "code-yeongyu"

"repository": "code-yeongyu/pi-cua-integration"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

网络与计算机系统管理员计算机与数学类职业15-1244L4

name	cua-localhost
description	Drive the user's host machine directly through Cua, with no sandbox. Maps to Cua's Localhost API. Higher risk - the agent can click, type, and run shell commands on the real desktop. Use only when the user explicitly opts in and read the safety section first. Triggers - "control my computer", "click here", "use my real Chrome", "no sandbox", "내 컴퓨터 자동화".

Localhost (unsandboxed)

When mode: "localhost" is set in .pi/cua.jsonc, Cua connects to your host machine directly. There is no sandbox: every click, keystroke, scroll, and shell command happens on the real OS.

Activation

// .pi/cua.jsonc
{
  "mode": "localhost",
  "localhost": {
    "confirmDestructive": true
  }
}

Tools that work in this mode

cua_sandbox_start, cua_sandbox_stop, cua_sandbox_list are disabled.

Required permissions

macOS

Accessibility - System Settings > Privacy & Security > Accessibility

add your terminal / Pi binary
Screen Recording - same panel, Screen Recording
Automation - approve when prompted, or add manually for the apps you want to drive

Linux

X11 desktop (Wayland is NOT supported by Cua's localhost mode)
cua-auto controls input through pynput and captures screenshots through its Python screen backend

Windows

Localhost mode is best-effort on Windows; prefer local QEMU VM instead.

Safety guardrails

Confirm destructive shell. With confirmDestructive: true (default) the extension prompts before running shell commands containing patterns like rm -rf, dd, or curl ... | sh.
Never type secrets. Do not paste API keys or passwords; the model can see what you type.
Prefer sandbox mode for anything that opens unknown URLs or runs untrusted code.
Stop immediately if a screenshot shows unexpected content - the agent may have been redirected.

When to choose localhost

Driving your real browser/IDE because the workflow needs your real cookies/sessions.
Cross-window automation that does not fit in a sandbox.
Lightweight scripting where spinning up a VM is overkill.

For anything else, prefer local sandbox mode.

cua-localhost

Localhost (unsandboxed)

Activation

Tools that work in this mode

Required permissions

macOS

Linux

Windows

Safety guardrails

When to choose localhost

同仓库更多 Skills

同仓库更多 Skills

Localhost (unsandboxed)

Activation

Tools that work in this mode

Required permissions

macOS

Linux

Windows

Safety guardrails

When to choose localhost