mac-system-control

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed macOS command helper with powerful local actions, but its capabilities fit its stated system-control purpose and no hidden execution or data export is shown.

Install this only if you want an agent to help run local macOS system commands. Before using it, confirm exact targets for process killing, shutdown/restart, Wi-Fi changes, screenshots, clipboard access, Finder preference changes, and emptying Trash; treat screenshots and clipboard contents as potentially sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill is activated by very broad macOS-related requests, which increases the chance it will be invoked for routine user prompts and gain access to sensitive local-system capabilities unnecessarily. In a system-control skill, over-broad routing is dangerous because it can expose powerful commands like process killing, screenshots, clipboard reads, and network changes outside a narrowly scoped task.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The clipboard commands allow reading and overwriting clipboard contents without any warning that the clipboard may contain passwords, tokens, personal messages, or other sensitive transient data. Because clipboard access is often unexpected by users, documenting it without consent/confirmation guidance creates a real data exposure and integrity risk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Screenshot commands can capture passwords, private conversations, financial data, or other sensitive information visible on screen, yet the skill provides no warning or consent guidance. In a system-control context, screenshot capability is inherently privacy-sensitive and should be treated as data collection from the user's desktop environment.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The documented commands write screenshots to the desktop and copy data into the clipboard without stating that the data may persist, overwrite existing files, or replace previous clipboard contents. This is a real but lower-severity issue because it can unintentionally retain sensitive artifacts or destroy user clipboard state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal