macOS

Security checks across malware telemetry and agentic risk

Overview

This is a macOS administration reference skill with powerful command examples, but it contains no executable code or hidden behavior.

Install only if you want the agent to have macOS administration reference material. Require explicit confirmation before using commands that read secrets, authorize Keychain access permanently, create launchd jobs, reset privacy permissions, remove quarantine attributes, take screenshots, read the clipboard, use sudo, or change network and power settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 93% confidence
Finding: Documenting `xattr -d com.apple.quarantine app.app` without a warning is dangerous because it removes a built-in macOS trust and malware-screening control from downloaded apps. A user or downstream agent could apply it reflexively and bypass Gatekeeper-related scrutiny on untrusted software, increasing the chance of executing malicious code.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal