MacPowerTools

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears mostly local, but its artifacts contradict their own no-persistence safety claims and the packaged script is incoherent.

Review carefully before installing. Assume it may create files under ~/.logs/macpowertools and ~/.config/macpowertools, and only run LAN discovery if you are comfortable with local network scanning. The author should fix the no-persistence claim and provide a clean, complete runnable script before this is treated as low risk.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can leave command history and logs on the Mac even if the user expected no retained state.

Why it was flagged

The script creates persistent local storage and learning history, despite the skill description claiming 'zero persistence'.

Skill content

LOG_DIR = Path.home() / ".logs" / "macpowertools"
CONFIG_DIR = Path.home() / ".config" / "macpowertools"
HISTORY_FILE = CONFIG_DIR / "learning.json"

Recommendation

Disclose the stored files, make logging/history opt-in, avoid writing files at import time, and provide a clear cleanup command.

What this means

Users may install or run the skill believing it leaves no persistent traces when it actually writes local state.

Why it was flagged

This strong safety/privacy claim is contradicted by the provided code, which creates logs and a learning history file.

Skill content

Runs forever on your Mac Mini with zero internet, zero sudo, zero persistence.

Recommendation

Replace absolute safety claims with accurate documentation of what is stored, where, and how users can disable or delete it.

What this means

The skill may not run as described, and the safety of advertised cleanup/backup behavior cannot be verified from the provided artifacts.

Why it was flagged

The supplied .py file appears to include Markdown patch text/code fences and references omitted 'original' handlers, so the runnable package and reviewed source are not coherent.

Skill content

```python
#!/usr/bin/env python3
...
# ... [full original cleanup / monitor / backup / mseries-tune / security-hardening code from v2.5 remains exactly as-is]

Recommendation

Ship a clean executable source file, include all referenced handlers, align registry metadata with dependencies, and pin or clearly document optional packages.

What this means

When invoked, the skill can inspect local network service advertisements.

Why it was flagged

The skill invokes a local system command to browse mDNS services on the LAN; this is disclosed as local network discovery and has a timeout, but it is still local command/network behavior users should notice.

Skill content

subprocess.run(["dns-sd", "-B", "_services._dns-sd._udp"], capture_output=True, text=True, timeout=3)

Recommendation

Keep LAN scanning user-initiated, document exactly what is scanned, and avoid running it automatically.