Back to skill

Security audit

Mole Mac Cleanup

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent macOS cleanup helper, but its commands can delete local files or change system behavior if run intentionally.

Install only if you trust the Homebrew Mole package. Before running cleanup, optimization, purge, or installer removal, use the documented dry-run/debug previews where available and review what will be deleted or changed. Avoid `mo touchid`, `mo purge`, `mo installer`, and `mo optimize` unless you explicitly want those system or file-removal effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents and encourages execution of destructive system cleanup and optimization commands, including cache/log removal, service resets, swap file removal, and project artifact purging, without a prominent warning about data loss, system instability, required privileges, or the need for explicit user confirmation. In an agent context, this is especially dangerous because an automation system may treat the commands as safe maintenance steps and execute them on the host, causing irreversible deletion of user data or disruptive system changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.