Airfoil

Verdict: Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: airfoil
Version: 1.0.1

The skill uses `osascript` to control the Airfoil application, which is its stated purpose. However, the `airfoil.sh` script directly interpolates user-provided speaker names (`$SPEAKER`) into AppleScript commands (e.g., in the `connect`, `disconnect`, and `volume` functions). This creates a potential AppleScript injection vulnerability if the input from the agent is not properly sanitized, allowing an attacker to execute arbitrary AppleScript commands on the macOS system. While the intent appears to be benign application control, this direct interpolation without sanitization represents a significant security risk.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or malformed speaker name could cause the agent to run unintended local AppleScript actions, not just connect or disconnect an Airfoil speaker.

Why it was flagged

The speaker argument is inserted directly into AppleScript source. A crafted speaker name containing quotes or newlines could alter the AppleScript command instead of being treated only as a speaker name.

Skill content

SPEAKER="$2" ... osascript -e "tell application \"Airfoil\" to connect to (first speaker whose name is \"$SPEAKER\")"

Recommendation

Pass speaker names to osascript as arguments rather than interpolating them into source text, escape AppleScript strings, and validate volume as an integer from 0 to 100 before invoking Airfoil.

What this means

Granting Terminal or Airfoil Accessibility permissions can allow broader local automation than speaker control alone.

Why it was flagged

The skill asks the user to grant macOS Accessibility permissions, which are broad and persist beyond a single command, even though this is disclosed and related to controlling Airfoil.

Skill content

Launch Airfoil and grant Accessibility permissions (System Settings → Privacy & Security → Accessibility)

Recommendation

Grant these permissions only if needed, use a trusted terminal environment, and revoke the permission when you no longer use the skill.

What this means

Users may encounter an unexpected missing dependency or be prompted to install an extra package that was not declared in the registry metadata.

Why it was flagged

The script depends on bc for volume calculation, but the registry requirements list only osascript as a required binary.

Skill content

VOL=$(echo "scale=2; $VALUE / 100" | bc)

Recommendation

Declare bc as a required binary or replace the calculation with shell-safe validation/arithmetic that does not require an undeclared dependency.