Macos Spm App Packaging

Security checks across malware telemetry and agentic risk

Overview

This macOS packaging skill is mostly purpose-aligned, but its helper scripts handle signing credentials and modify the user login keychain in ways users should review before installing.

Review and preferably edit the signing scripts before use. Run setup_dev_signing.sh only if you are comfortable adding a persistent self-signed signing identity to your login keychain, and remove it when no longer needed. For notarization, change the private-key handling to use a securely created temporary file with restrictive permissions or a safer credential mechanism before providing App Store Connect keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
The script silently imports a newly generated self-signed code-signing certificate into the user's login keychain, which is a sensitive trust store. In the context of a packaging helper this is likely intended for developer convenience, but modifying keychain contents without an explicit warning or confirmation can mislead users about the trust implications and expands the local attack surface if the private key or trust setting is later abused.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding
The script writes the App Store Connect private key material to a predictable path in /tmp, which is a shared, world-accessible namespace on multi-user systems. Even though a cleanup trap is present, storing sensitive credentials in /tmp increases the risk of disclosure through race conditions, symlink attacks, permissive default file modes, or recovery from crashes that occur before cleanup runs.

VirusTotal

64/64 vendors flagged this skill as clean.
