Mole Mac Cleanup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed macOS cleanup helper for the Mole CLI, but its commands can delete local files and change system settings, so users should review dry runs before execution.

Install only if you trust the Homebrew Mole package. Use `mo clean --dry-run --debug` and `mo optimize --dry-run` first, review exactly what will be removed or changed, and do not run purge, installer cleanup, optimization, or Touch ID sudo setup unless you explicitly want those local system effects.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill exposes destructive cleanup and optimization commands such as cache/log deletion, artifact purging, network service resets, Spotlight rebuilds, and swap file removal, but it does not provide strong safety gating, explicit confirmation requirements, or clear warnings about potential data loss and system disruption. In an agent context, even documented CLI commands can be executed non-interactively, making this more dangerous than a human-only README because the skill encourages direct execution after a dry run without requiring user approval for impactful actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal