MacPowerTools

Security checks across malware telemetry and agentic risk

Overview

This Mac utility is not clearly malicious, but it overstates its safety: it claims no persistence while writing local logs and history. The shipped script is also not a clean, runnable Python file.

Review before installing. Treat this as a local user-level tool that may leave files under ~/.logs/macpowertools and ~/.config/macpowertools and may browse local LAN service advertisements if its fleet-scan command is run. The publisher should ship a syntactically valid script and replace the zero-persistence claims with accurate storage and cleanup details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions while its documented capabilities imply file reads, file writes, and shell execution. This is a real security concern because it prevents reviewers and users from accurately understanding the skill’s effective access, reducing informed consent and making harmful operations easier to hide behind a 'safe local' label.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill claims 'zero internet' and 'zero persistence,' but the analyzed behavior includes persistent storage, LAN discovery, and advertising/share-message generation. This mismatch is dangerous because deceptive descriptions can induce users to run code they would otherwise reject, while persistence and network discovery expand the attack surface and enable tracking, lateral reconnaissance, or covert data retention.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata and comments claim 'no persistence', but the code creates ~/.logs/macpowertools and ~/.config/macpowertools and writes logs and history there. This is a real integrity/transparency issue because users and calling agents may rely on the non-persistence claim when deciding whether to install or execute the skill.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims 'no internet' and '100% local', yet it performs network service discovery over mDNS on the local LAN. Even if it does not reach the public internet, this still initiates network activity and exposes/discovers nearby services, contradicting the stated trust boundary.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The LAN discovery function is not justified by the declared purpose of local Mac optimization, forecasting, cleanup, and backups. Unnecessary network enumeration increases attack surface, creates privacy concerns, and may enable lateral awareness of other systems or agents on the local network.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The file contains repeated safety claims such as '100% local', 'no internet', and 'only safe commands' while implementing persistent storage and LAN discovery. Misleading assurances are a security concern because they can cause users, orchestration systems, or reviewers to trust behavior that is broader than advertised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The subprocess-based mDNS scan occurs without prominent user-facing disclosure of its privacy and network-discovery implications. In agent or automated contexts, this can surprise users and violate least astonishment, especially where tools are expected to remain host-local.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The code writes logs and historical run data under the user's home directory without clear disclosure in the metadata or help text. Silent retention can expose usage patterns or sensitive operational details to other local processes and conflicts with the stated 'no persistence' posture.

VirusTotal

65/65 vendors flagged this skill as clean.
