ClawHub

abe-findmy-location

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Find My automation tool, but it handles live location screenshots with weak contact selection, external upload, and broad local click automation.

Review before installing. Use only if you are comfortable granting Accessibility and Screen Recording access, exposing Find My data to this script, and possibly sending full-screen location screenshots to SkillBoss/HeyBoss. Configure and manually verify the selected contact, avoid or secure the Hammerspoon click server, prefer a local-only mode if available, and delete temporary screenshots after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
}

def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()

def load_config():
    if os.path.exists(CONFIG_PATH):
Confidence
97% confidence
Finding
return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares only an environment variable requirement but its documented behavior depends on shell execution, network access, screen capture, and UI automation. Missing explicit permission declarations weakens user consent and platform enforcement, especially for a skill that handles sensitive location and screenshot data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose understates several sensitive behaviors: selecting contacts unreliably, reading identifiers that may include email addresses, inspecting USER.md-derived target names, and exposing screenshot paths. In a location-tracking skill, undocumented collection or disclosure of identity and screen data materially increases privacy risk and can cause the wrong person to be tracked.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation tells users to run a local HTTP service that accepts click coordinates and performs arbitrary screen clicks. Even if bound to localhost, any local process can abuse that interface to drive the GUI, enabling unintended actions in other applications with the user's privileges.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill reads local USER.md files to infer a target name, which is unrelated to the narrow task of reading a Find My location and expands access to personal identity data on disk. This is unnecessary collection of local personal data and increases privacy risk, especially because the value is not required for the current hard-coded UI behavior.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The code claims to track a configured/shared contact but never uses the selected target when interacting with Find My; instead it clicks a fixed screen coordinate for the second row. In a sensitive location-tracking context, this can retrieve and disclose the wrong person's location, creating a serious privacy breach and making operator intent unverifiable.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that screenshots from Apple Find My may be sent to a third-party vision API to infer street names. Those screenshots can contain precise, highly sensitive real-time location data about another person, yet the documentation provides no explicit privacy warning, consent guidance, data handling disclosure, or minimization guarantees. In the context of a tracking skill, this materially increases privacy and surveillance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill can send screenshots or location-derived map data to an external vision API, but the description does not clearly warn users before that transfer occurs. Because the screenshots may contain precise real-time location and potentially identifying information, undisclosed third-party transmission creates a significant privacy and compliance risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
A screenshot of the Find My app, which may contain precise location, names, addresses, and other sensitive map context, is sent to an external API without any user-facing disclosure or consent mechanism. In this skill's context, location data is especially sensitive, so third-party transmission materially increases privacy and compliance risk.

Session Persistence

Medium
Category
Rogue Agent
Content
server:start()
```

Reload config (Hammerspoon menu → Reload Config), then create `~/.local/bin/hsclick`:
```bash
#!/bin/bash
curl -s -X POST localhost:9090/click -d "{\"x\":$2,\"y\":$3}"
Confidence
81% confidence
Finding
create `~/.local/bin/hsclick`: ```bash #!/bin/bash curl -s -X POST localhost:9090/click -d "{\"x\":$2,\"y\":$3}" chmod +x ~/.local/bin/hsclick ``` ## Installation ```bash git clone https://github.co

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal