Mac Control
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill openly controls a Mac with screenshots, mouse, keyboard, and AppleScript, but its broad UI authority, login-page automation guidance, and hardcoded display assumptions need careful review before use.
Install only if you intentionally want an agent to control your Mac UI. Before use, calibrate coordinates on your own display, keep sensitive windows closed, require confirmation before clicks or typing, and avoid using it to automate login/OAuth or other account-security pages.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could click buttons, type text, submit forms, or navigate account/login pages in whichever app is active, potentially causing unintended account or local-system actions.
The skill gives the agent raw keyboard and mouse control over the Mac and explicitly describes operating login/OAuth/protected pages, but the artifacts do not define clear confirmation, app scope, or safety limits before high-impact UI actions.
Control Mac via mouse/keyboard automation... /opt/homebrew/bin/cliclick t:"hello world" ... /opt/homebrew/bin/cliclick kp:return ... Google OAuth and protected pages block synthetic mouse clicks! Use keyboard navigation
Use only with explicit user direction, require confirmation before clicks/typing/submissions, avoid automating login/OAuth pages, and restrict use to named apps/windows and verified coordinates.
On a different Mac or display setup, the skill may click unintended buttons or controls, and those UI actions can affect apps, browser sessions, or accounts.
The click helper applies hardcoded display-scaling assumptions before issuing a real click. If the user's display or screenshot viewer differs, a single coordinate error can click the wrong UI element.
DEFAULT_SCALE=2.5 ... DISPLAY_RATIO=1.92 ... /opt/homebrew/bin/cliclick "$CLICK_TYPE:$CLICLICK_X,$CLICLICK_Y"
Require per-device calibration before any click, avoid default scale factors, verify every target with a screenshot, and fail closed when calibration is missing or uncertain.
Granting the needed permissions lets the automation inspect and interact with application windows, not just a single narrow service.
Using System Events and cliclick-style automation is expected for Mac UI control, but it normally requires powerful macOS Accessibility/automation permissions that can affect other applications.
tell application "System Events" ... set frontApp to first application process whose frontmost is true ... set win to front window
Grant macOS Accessibility/Screen Recording permissions only if you trust the skill and revoke them when no longer needed.
Sensitive screen content may be saved locally in /tmp and may be read by the agent during coordinate analysis.
The helper captures full-screen images with the cursor and leaves them in a temporary directory for viewing. This is useful for the skill, but screenshots can contain private information.
TMP_DIR="/tmp/mac-find-element-$$" ... /usr/sbin/screencapture -C -x "$TMP_DIR/full.png" ... echo "Full screenshot: $TMP_DIR/full.png"
Close or hide sensitive windows before use and delete temporary screenshots after the task.
If local dependencies are missing, replaced, or installed from an untrusted source, the skill may fail or run a tool the user did not intend to trust.
The skill relies on external local binaries, while the registry metadata declares no required binaries and no install spec. This is not malicious by itself, but users must verify what is installed locally.
Tools: cliclick: `/opt/homebrew/bin/cliclick` ... screencapture ... magick ... osascript
Install dependencies from trusted sources, verify paths such as /opt/homebrew/bin/cliclick, and update metadata to declare required binaries and macOS-only operation.