ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Airpoint 1.3.16

v1.0.0

Control a Mac through natural language — open apps, click buttons, read the screen, type text, manage windows, and automate multi-step tasks via Airpoint's A...

0· 113·0 current·0 all-time
by@durtydhiana
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (control a Mac via Airpoint) align with declared requirements: macOS and the 'airpoint' CLI. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md directs the agent to run the 'airpoint' CLI commands (ask, see, status, stop, settings, etc.) and to rely on the Airpoint app for model API keys and permissions. It does not instruct reading unrelated files, exporting secrets, or contacting unexpected endpoints. It appropriately warns about macOS accessibility and screen-recording permissions.
Install Mechanism
Instruction-only skill with no install spec or bundled code. This is the lowest-risk install model; the skill assumes the user installs the official Airpoint CLI separately via the app.
Credentials
No environment variables or credentials are required by the skill. The SKILL.md does advise placing an AI model API key inside the Airpoint app (expected for a product that uses LLMs/vision models). No unrelated secrets are requested.
Persistence & Privilege
Skill is not 'always:true' and is user-invocable only. The skill does not request to modify other skills or system-wide settings. It relies on the existing Airpoint app which itself requires accessibility/screen-recording privileges (documented).
Assessment
This skill is an instruction shim for the Airpoint macOS app and appears coherent, but you should still exercise standard caution before enabling control of your screen and input. Verify you obtained the Airpoint app/CLI from the official site (https://airpoint.app) and that the 'airpoint' binary is the signed, expected executable. Be aware the app requires Accessibility and Screen Recording permissions — granting those lets the app (and the agent it runs) see and control your UI. The app also asks you to supply an LLM API key inside its settings; consider using a limited or replaceable key and monitor/rotate it if you stop using the app. If you need higher assurance, inspect the installed CLI binary (code signature, checksums) or run it in a controlled account before granting broad access.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pav9kxsvff663pgd4nzf8s834vyy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖐️ Clawdis
OSmacOS
Binsairpoint

Comments