Tmp.JPuJO3EAp6

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent but needs review because it directs users to install an unpinned external macOS MCP binary that can read sensitive Apple app data and send or delete items.

Review before installing. Only use this if you trust the GitHub release source and are comfortable granting macOS permissions for personal app data, including possible full disk access for Messages history. Prefer a pinned release with a verifiable checksum, and confirm any send, reply, forward, delete, or bulk-read action before allowing the agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger description is broad enough to match common phrases like checking calendars, finding contacts, recent emails, or searching notes, which can cause the skill to activate in situations where the user did not clearly intend privileged access to local Apple app data. In this skill's context, unintended invocation is more dangerous because the connected tools can read sensitive personal data and perform actions such as sending messages or emails.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill description exposes capabilities to read mail, query Messages history via chat.db, read notes, and send or forward communications, but it does not clearly warn that these operations touch highly sensitive local data and can perform external actions. This is especially risky here because the skill targets personal macOS data stores protected by TCC/full-disk access, so users may underestimate the privacy and integrity implications of invoking it.

VirusTotal

VirusTotal findings are pending for this skill version.
