mac-gui-control

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed macOS desktop-control skill whose sensitive screenshot, clipboard, keyboard, and mouse abilities match its stated purpose, with no evidence of hidden networking, exfiltration, persistence, or destructive behavior.

Install only if you want an agent to see and operate your Mac desktop. Before use, close or hide sensitive windows, avoid granting Accessibility or Screen Recording broadly unless needed, review screenshot output paths, and require explicit confirmation before actions like submitting forms, sending messages, deleting data, payments, public posts, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill clearly instructs the agent to execute shell commands (`python3`, `osascript`, `open`, `brew`, `pip`, and helper scripts) but does not declare corresponding permissions. That mismatch is a real security issue because it hides the skill's execution capabilities from any permission or policy layer, and this particular skill also drives screenshots, clipboard, keyboard, mouse, and AppleScript automation on the host desktop, increasing the sensitivity of undeclared shell access.

Missing User Warnings

Medium
Confidence: 95%
Finding:
This command captures the entire desktop and returns environment details without any user confirmation, scope restriction, or sensitivity checks. In a GUI-control skill, screenshots can expose secrets visible on screen such as passwords, tokens, email, documents, or confidential chats, making the capability materially dangerous.

Missing User Warnings

Low
Confidence: 90%
Finding:
The capture command writes screenshots to user-specified or temporary filesystem paths, creating persistent artifacts of potentially sensitive screen contents. Those files may be left behind, exposed through permissive directory access, or later exfiltrated by other processes or users on the host.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script can synthesize keystrokes, paste arbitrary clipboard content, and control the mouse, enabling full desktop interaction without any approval or safety interlocks. In this skill's context, that can directly trigger destructive actions, submit sensitive data, manipulate security settings, or operate other applications on behalf of the user.

VirusTotal

64/64 vendors flagged this skill as clean.
