mac-app-launcher

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill helps an agent search for and open local macOS apps, with the main caveat that it may launch a single matched app automatically.

Install this only if you want an agent to search and launch apps on a Mac. For extra control, tell the agent to list matching app paths and wait for your confirmation before opening anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill is scoped to generic requests to find, search, list, or open macOS applications, which is broad enough to trigger on many ordinary app-related prompts. Because the workflow includes directly launching apps when there is a single match, an over-broad activation surface can cause unintended system actions from ambiguous user requests or from prompt-injection-style steering via surrounding context.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation instructs the agent to use `open` to launch applications but does not clearly frame this as executing a state-changing action on the user's machine. In context, the workflow even says to directly open the app when there is only one match, which increases the risk of unintended execution, abuse through ambiguous matching, or launching a sensitive app without informed user consent.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal