ClawBB

Security checks across malware telemetry and agentic risk

Overview

ClawBB is a disclosed macOS dictation helper, but installing it means trusting an external native app with microphone, Accessibility, and Gemini API access.

Before installing, verify the DMG checksum and confirm you trust the GitHub release/source. Use a dedicated Gemini API key if possible, protect the local key file, and only grant Microphone and Accessibility permissions if you are comfortable with the app recording audio and inserting text at your cursor. Avoid dictating secrets unless you are comfortable sending that audio to Google Gemini.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.
