Mac Cleaner - Because your Mac shouldn't have more baggage than your ex.

Security checks across malware telemetry and agentic risk

Overview

The skill is a transparent macOS disk-cleanup helper, but clean mode can permanently delete caches, Trash contents, and old system logs after confirmation.

Run analyze mode first. Only run clean mode if you are comfortable permanently deleting rebuildable caches, emptying Trash, and possibly entering an administrator password for old system log cleanup. Users who need logs for troubleshooting, compliance, or incident review should skip or modify the log-cleaning portion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script goes beyond user-scoped cleanup and performs privileged operations against /var/log using sudo. That exceeds the stated scope of a safe everyday-user cleanup tool and can remove forensic or troubleshooting data that users do not expect this skill to touch.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The use of sudo enables system-wide deletion, which materially increases the blast radius of the script beyond ordinary cache cleanup. In a tool advertised for everyday users, unexpected privilege escalation is dangerous because it can modify protected system areas and normalize granting elevated access to broadly scoped scripts.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The script describes itself as safe and focused on common cleanup, but it also deletes system log files with elevated privileges. This mismatch is security-relevant because users may consent under false assumptions about scope and risk, making privilege-bearing behavior more likely to be accepted without scrutiny.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
clean_logs() {
    print_section "📋 Cleaning System Logs"
    
    local log_size=$(sudo du -sm /var/log 2>/dev/null | awk '{print $1}' || echo "0")
    
    if [[ $log_size -gt 500 ]]; then
        print_info "System logs are large (~${log_size}MB)."
Confidence
90% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
        print_info "System logs are large (~${log_size}MB)."
        print_warning "Cleaning old logs requires sudo. Only removing logs older than 7 days..."

        sudo find /var/log -name "*.log.*" -mtime +7 -delete 2>/dev/null || true
        sudo find /var/log -name "*.gz" -mtime +30 -delete 2>/dev/null || true

        local new_log_size=$(sudo du -sm /var/log 2>/dev/null | awk '{print $1}' || echo "0")
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
        print_warning "Cleaning old logs requires sudo. Only removing logs older than 7 days..."

        sudo find /var/log -name "*.log.*" -mtime +7 -delete 2>/dev/null || true
        sudo find /var/log -name "*.gz" -mtime +30 -delete 2>/dev/null || true

        local new_log_size=$(sudo du -sm /var/log 2>/dev/null | awk '{print $1}' || echo "0")
        local freed=$((log_size - new_log_size))
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
        sudo find /var/log -name "*.log.*" -mtime +7 -delete 2>/dev/null || true
        sudo find /var/log -name "*.gz" -mtime +30 -delete 2>/dev/null || true

        local new_log_size=$(sudo du -sm /var/log 2>/dev/null | awk '{print $1}' || echo "0")
        local freed=$((log_size - new_log_size))
        SPACE_FREED=$((SPACE_FREED + freed))
        print_info "Cleaned ~${freed}MB of old logs."
Confidence
88% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.
