Macos Gui Automation

Security checks across malware telemetry and agentic risk

Overview

This is a transparent macOS screen-reading and desktop-control skill, but it gives broad control over the user’s Mac without strong safety limits.

Install only if you intentionally want an agent to read your screen and control your Mac. Use it under supervision, keep passwords and private windows out of view, prefer small region captures, delete /tmp/gui-auto screenshots after use, and revoke Accessibility or Screen Recording permissions when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to grant screen-recording permission and demonstrates screenshot/OCR workflows, but it does not warn that these actions can capture passwords, messages, tokens, or other sensitive on-screen data. In an agent skill context, this omission is security-relevant because users may authorize broad capture capabilities without understanding the privacy impact or constraining when and what is captured.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README describes automated clicking, typing, and keypress actions without warning that GUI automation can activate destructive UI paths, submit forms, send messages, or overwrite data in whichever application currently has focus. In a general-purpose automation skill, the lack of guardrails or warnings increases the chance of unintended cross-application actions and harmful misuse, especially after accessibility permissions are granted.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill provides concrete keyboard and GUI automation examples that can type text, press keys, and click without requiring any foreground-window verification, confirmation step, or warning about focus drift. In a macOS environment with Accessibility permissions, a mis-targeted action can send input to the wrong application or dialog, causing unintended data modification, submission, deletion, or navigation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script can synthesize keyboard and mouse input into whatever application is currently focused, including terminals, password prompts, browsers, and admin dialogs, without any safety interlock or user confirmation. In an agent skill context, this is especially dangerous because a higher-level agent could drive unintended actions, submit forms, alter settings, or execute destructive commands in the wrong window.

Missing User Warnings

Medium
Confidence: 93%
Finding
The capture and OCR commands collect potentially sensitive on-screen data such as passwords, messages, tokens, personal data, or confidential documents, then store screenshots in /tmp and emit OCR text to stdout. In an agent skill, this materially increases risk because the skill can exfiltrate or process information from unrelated applications visible on screen, not just the intended task context.

Missing User Warnings

Low
Confidence: 81%
Finding
Enumerating running processes and the frontmost application exposes system usage context that can reveal sensitive information about user activity, security tools, financial apps, communications, or enterprise software. In combination with the input and capture features, this provides useful reconnaissance for targeted GUI automation against high-value windows.

VirusTotal

66/66 vendors flagged this skill as clean.
