Skillv0.7.0

ClawScan security

MacPilot : Control macOS using CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 4, 2026, 8:01 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and scope match its stated purpose (controlling macOS via the MacPilot CLI); it requests no extra credentials or installs, but it does rely on a privileged local helper (MacPilot) and on granting Accessibility/Screen Recording permissions which carry sensitive access.
Guidance: This skill appears internally consistent with its description, but it depends on the third-party MacPilot binary and macOS permissions that are powerful: Accessibility lets the tool control apps and UI, and Screen Recording/screenshot+OCR can capture any visible content (passwords, private documents, chats). Before installing: (1) confirm you trust the MacPilot upstream (review its GitHub release you install), (2) only grant Accessibility/Screen Recording to the MacPilot.app you installed, (3) be cautious about allowing autonomous agent actions that perform shell commands or take screenshots—limit autonomy or require explicit user approval for sensitive tasks, and (4) avoid using the skill on machines with highly sensitive data unless you trust the binary and agent behavior. If you want stronger assurance, inspect the MacPilot binary source or run the skill in a less-privileged/testing account.

Review Dimensions

Purpose & Capability: okName/description match the content: all SKILL.md files are explicit about using the macpilot CLI to automate macOS (UI, windows, dialogs, screenshots, OCR, shell). No unrelated environment variables, binaries, or installs are requested by the skill itself. The requirement that MacPilot be installed on the machine is appropriate for the stated functionality.
Instruction Scope: noteInstructions tell the agent to run macpilot CLI commands (click/type/ui inspect/dialog navigation/screenshot/ocr/shell). This is coherent, but those commands enable powerful actions: arbitrary UI control, screen captures (including OCR of screen content), and execution of shell commands via macpilot shell run. These behaviors are expected for an automation skill but can expose sensitive data (visible screen contents, files) or run arbitrary commands — consider that when granting use/permissions.
Install Mechanism: okInstruction-only skill with no install spec and no bundled code. The README suggests installing MacPilot itself from its GitHub releases or building from source; that is outside this skill. The lack of downloads or archive extraction in the skill package is low-risk.
Credentials: noteThe skill does not request environment variables or credentials. It does require the user to install MacPilot and to grant Accessibility and (for screenshots/ocr/recording) Screen Recording permissions to MacPilot.app. Those OS permissions are necessary for the functionality but provide broad access to UI and visible screen contents — which is proportional to the stated purpose but inherently sensitive.
Persistence & Privilege: okSkill is not always-enabled and does not request permanent platform-level privileges. It's instruction-only and doesn't modify other skills or agent configs. Autonomous invocation is permitted by default (platform behavior) — not flagged alone but combine with the sensitivity noted above when making a trust decision.