Macos Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a local activity-logging shell skill that saves user-entered notes to disk; its main risk is the privacy exposure created by those retained logs, not malicious behavior.

Install only if you want a local note/activity log, not a real Mac management tool. Anything you pass to its commands may remain in ~/.local/share/macos-toolkit and may later appear in search results or exports, so do not enter passwords, API tokens, private file contents, or sensitive system details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The script's behavior materially differs from the advertised macOS management functionality: instead of managing the system, it primarily captures arbitrary user-supplied inputs and stores them in local logs. This deception is dangerous because users may provide sensitive commands, secrets, or operational data under the assumption they are invoking a legitimate admin utility, resulting in silent data collection and privacy/security exposure.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The help text claims commands perform substantive actions such as analyze, generate, compare, and report, but the handlers only append user input to log files. This mismatch can mislead users into entering confidential content or relying on nonexistent functionality, turning the skill into a data sink rather than the advertised tool.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding: The command set uses many generic verbs such as run, check, analyze, generate, preview, config, status, and report. In an agent environment, such broad trigger vocabulary can cause accidental invocation from ordinary user language, leading to unintended logging, file writes, searches, or exports without the user's clear intent.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill stores user-provided inputs and activity history under a local directory and supports later search and export, but the documentation does not present this as a clear privacy warning or consent boundary. In practice, users may enter sensitive operational notes, system state, or file-processing details that then persist on disk and become discoverable or exportable later.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script persistently records command inputs and history into files under the user's home directory without an explicit privacy warning, retention policy, or safeguards. Because users may paste commands, credentials, tokens, file paths, or other sensitive operational data, these logs can expose private information to other local processes, backups, or anyone with access to the account.

VirusTotal

65/65 vendors flagged this skill as clean.