ClawHub

Mac Control

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Mac automation helper, but it gives an agent broad control over screenshots, clicks, typing, and protected login pages without enough safety boundaries.

Review before installing. Use only if you intentionally want an agent to control your Mac screen, mouse, and keyboard. Keep it supervised, close or obscure sensitive windows before screenshots, avoid login/OAuth/financial/admin flows, verify coordinates before clicking, and delete temporary screenshots after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill repeatedly instructs taking full-screen screenshots and inspecting window/browser state without any guidance about secrets that may be captured, such as passwords, tokens, personal messages, or sensitive documents visible on screen. In a UI-control skill, this context makes the issue more serious because screen capture is a primary workflow and can expose high-value data during normal use.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script captures a screenshot with the cursor and writes calibration data to disk without explicit user-facing notice or consent. In a Mac UI automation skill, screenshots can unintentionally capture sensitive on-screen content, and persistent files in /tmp and ~/.clawdbot may expose private information or system characteristics to other local processes or future runs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This script performs a real mouse click on the host system immediately after coordinate conversion, with no confirmation prompt, dry-run mode, foreground-app validation, or safety interlock. In a UI automation skill, that can trigger unintended actions such as approving dialogs, changing settings, or interacting with sensitive applications if the coordinates are wrong, stale, or influenced by untrusted input.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script captures a full-screen screenshot and writes it to a predictable temporary location without any consent prompt, redaction, or minimization. In a Mac automation skill, screens may contain passwords, messages, documents, tokens, or other sensitive data, so even a helper script for coordinate discovery creates real confidentiality risk if run in normal user sessions.

Ssd 4

Medium
Confidence
97% confidence
Finding
The documentation explicitly recommends using keyboard navigation to activate controls on Google OAuth and other protected pages after synthetic mouse clicks are blocked, framing anti-automation defenses as something to work around. In this skill context, that is dangerous because it enables scripted interaction with login and consent flows that are intentionally protected, increasing the risk of unauthorized account actions or deceptive consent approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal