mac-wallpaper-changer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent macOS wallpaper tool, but it can download remote images, save local history, and change your desktop background.

Install only if you want a tool that can contact remote wallpaper providers, save downloaded images and preference data under ~/wallpaper-daily, and change your macOS wallpaper. Avoid sensitive search terms, use direct --url only with trusted image links, keep API keys out of shared config files, and add the cron entry only if you want recurring automatic wallpaper changes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Tainted flow: 'req' from os.environ.get (line 230, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36'
        }
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=30) as response:
            with open(filepath, 'wb') as f:
                f.write(response.read())
        return True
Confidence: 85%
Finding
with urllib.request.urlopen(req, timeout=30) as response:

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill invokes local scripts that read and write files, access the network, use shell execution, and likely consume environment variables, yet it declares no permissions or trust boundaries. This creates a transparency and consent gap: users and the platform cannot accurately assess that the skill can download remote content, modify local wallpaper-related data, and execute system-level actions on macOS.

Vague Triggers

Medium
Confidence: 90%
Finding
The description says any wallpaper-related request should preferentially use this skill, which is an overly broad activation scope. Overbroad routing can cause the agent to invoke a capability-bearing skill unnecessarily, exposing local files, network access, and shell actions in situations where a simpler or safer response would suffice.

Missing User Warnings

Medium
Confidence: 88%
Finding
By default, the script performs network access and writes a downloaded file to disk before asking for confirmation to set it as wallpaper. In an agent-skill context, hidden side effects before explicit consent are risky because simply invoking a recommendation flow can cause unexpected external requests, local file creation, and ingestion of untrusted remote content.

VirusTotal

64/64 vendors flagged this skill as clean.
