Skill v1.0.0

VirusTotal security

Mac Control · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 3:59 AM

Hash: 4cecb5a6e06ce40cbd3765590fd39227243b79e6de23cb27401d57b573343f1c
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: mac-control
Version: 1.0.0

The skill bundle provides Mac UI automation capabilities, which are inherently high-privilege. It contains multiple shell and AppleScript injection vulnerabilities in its helper scripts (`scripts/find-element.sh`, `scripts/crop-image.sh`, `scripts/get-window-bounds.sh`). Arguments passed to `cliclick`, `sips`, and `osascript` are not properly sanitized or quoted, allowing for arbitrary command execution if an attacker or a prompt-injected agent can control the input to these scripts.

There is no evidence of intentional malicious behavior like data exfiltration or persistence within the provided code, but these critical vulnerabilities pose a significant risk of exploitation.