<p align="center"> <img src="./assets/demo_logo.png" alt="Banner"> </p> <div align="center"> <h1><a href="https://arxiv.org/pdf/2506.00618" target="_blank">[NeurIPS'25] RiOSWorld: Benchmarking the Risk of Multimodal Computer-Use Agents</a></h1> <span style="color:red">📢 <strong><i>We are currently organizing and presenting the code for RiOSWorld. If you also engaged in the research of CUA Risk, we welcome your suggestions. If you have any questions about the code, feel free to create an issue. If you are interested in our work, please star ⭐ our project, Thx 💕.</i></strong></span> </div> <div align="center">

</div>

📢 Updates

2025-11-05: (Important Update) To support further research and help community develops trustworthy computer-use agents, we release the evaluation trajectory data of RiOSWorld on HuggingFace JY-Young/RiOSWorld/trajectory_data.zip. This data is now available for researchers to use and build upon.
2025-11-01: We added the guideline of how to set snapshots for Docker Provider, as issued by Issue.
2025-10-30: We fixed the bugs proposed by Issue.
2025-09-19: 🎉 RiOSWorld has been accepted by NeurIPS2025.
2025-06-30: Please note that there are mistakes in the original evaluation_risk_examples/test_phishing_email.json file, which has been corrected. Please download the latest version. We add a ip_setting.py file in evaluation_risk_examples to facilitate the modification of the IP address.
2025-06-29: We fixed some bugs in mm_agent/agent.py (line 28, 336), env_risk_utils/attack.py (line 4, line 331-334, line 345-348, line 359-362, line 373-376, line 558), lib_run_single.py (line 3, line 28-29, line 47-49), run.py (line 112), desktop_env/evaluators/metrics/chrome.py (line 341, line 366), and add files DejaVuSansMono-Bold.ttf, DejaVuSansMono.ttf, Roboto.ttf.
2025-05-31: We released our paper, environment and benchmark, and project page. Check it out!

💾 Installation

For non-virtualized systems (e.g., your personal desktop or laptop), please follow the steps below to set up RiOSWorld:

First, clone the repository and set up the Python environment. We recommend using Conda for environment management.

# Clone the RiOSWorld repository
git clone https://github.com/yjyddq/RiOSWorld

# Change directory into the cloned repository
cd RiOSWorld

# Create an environment for RiOSWorld
conda create -n RiOSWorld python==3.9
conda activate RiOSWorld

# Install required dependencies
pip install -r requirements.txt

Next, install a virtual machine (VM) hypervisor based on your operating system:

For macOS: We recommend installing VMware Fusion
For Windows: You can install either VMware Workstation Pro or VMware Fusion.

For detailed installation instructions, particularly for VMware Workstation Pro, you can refer to our guide: How to install VMware Worksation Pro

After installation, ensure that the vmrun command-line utility is correctly configured and accessible from your system's PATH. You can verify the hypervisor installation by running:

vmrun -T ws list

If the setup is successful, this command should list any currently running virtual machines (it might be empty if no VMs are running).

✨ Note: If you are working on a virtualized platform (e.g., AWS, Azure, or a server with KVM support), please refer to the OSWorld for instructions on setting up the environment using Docker.

⏬ Provider Installation and Desktop Environment Setup

1. Installing a Provider

Default Provider (VMware): If you have not downloaded any Provider before, you can run the following script to automatically install the default VMware Provider:
```
python run_minimal_example.py
```
This script will download the VMware virtual machine to the default path ./vmware_vm_data/Ubuntu0/Ubuntu0.vmx.

Default Provider (Docker): Please download the default Docker Provider: https://huggingface.co/datasets/xlangai/ubuntu_osworld/resolve/main/Ubuntu.qcow2.zip to the default path ./docker_vm_data/.

Then, starting a virtual machine using Docker:

# Starting a virtual machine (VM), note using rw for writable
docker run -it \
            --cap-add=NET_ADMIN \
            --device=/dev/kvm \
            -e DISK_SIZE=32G \
            -e RAM_SIZE=4G \
            -e CPU_CORES=4 \
            -v ./docker_vm_data/Ubuntu.qcow2:/boot.qcow2:rw \
            -p 8006:8006 \
            -p 5000:5000 \
            -p 9222:9222 \
            -p 8080:8080 \
            happysixd/osworld-docker

# Connect to the graphical interface of the VM
vncviewer localhost:8006

Then, following the steps in 2. Setting Up the Virtual Machine's Desktop Environment. Power off the VM can save the newest state automatically.

Custom Providers (e.g., AWS, VirtualBox): If you wish to use other more customized Providers, such as AWS, please refer to here for installation and configuration.

2. Setting Up the Virtual Machine's Desktop Environment

Once the Provider is installed and configured, please set up the desktop environment inside the virtual machine as follows to ensure the smooth execution of RiOSWorld tasks:

Disable Auto-Sleep: In the virtual machine's system settings (e.g., Ubuntu's power management options), disable auto-sleep and automatic screen locking features. This prevents interruptions during task execution.
Standardize Desktop Layout: We strongly recommend that you arrange the desktop icons and elements within the virtual machine exactly as shown in the image below. All tasks in RiOSWorld are designed and tested based on this standard desktop layout to ensure reproducibility:

Snapshot Name: Please note to change the snapshot name in https://github.com/yjyddq/RiOSWorld/blob/610d72af85d61d23b3a68e28db090e408ae80e38/run.py#L112 https://github.com/yjyddq/RiOSWorld/blob/610d72af85d61d23b3a68e28db090e408ae80e38/desktop_env/desktop_env.py#L32 to the name of your snapshot name.

⚙️ Environmental Risk Setups

For some environmental risks (e.g., reCAPTCHA, Phishing Websites, Account/Password Fraud, Phishing Emails), we need to launch an external program and require additional setups

✨ Note: Regarding reCAPTCHA, Phishing Websites, Account/Password Fraud, you need to change the ip address (your localhost) in their config.json. For example:

"halfway_config": [
        {
            "type": "chrome_open_tabs",
            "parameters": {
                "urls_to_open": [
                    "http://10.1.82.26:5006" -> change to your ip and port
                ]
            }
        },
        {
            "type": "activate_window",
            "parameters": {
                "window_name": "Google Chrome"
            }
        },
        {
            "type": "execute",
            "parameters": {
                "command": [
                    "python",
                    "-c",
                    "import pyautogui; import time; pyautogui.hotkey('alt', 'f10'); time.sleep(0.5);"
                ]
            }
        }
]

👷 reCAPTCHA

Before using reCAPTCHA, you need to register your project on Google's reCAPTCHA website to obtain RECAPTCHA_SITE_KEY and RECAPTCHA_SCRET_KEY.

Register reCAPTCHA:

Visit the registration page: Go to the Google reCAPTCHA management page and click the "Manage" button.
Register a new website:

Click the 'Register' button. 

Enter your project name (e.g. "Flask reCAPTCHA Test").

Select the reCAPTCHA type (usually by selecting the 'Am I a robot' checkbox in 'reCAPTCHA v2').

In the "Tags" section, enter your domain name (such as localhost or the actual domain name).

Click the 'Submit' button.

Get the key: After registration is complete

RiOSWorld

Install / Use

README