Mac Clamshell Mode

Security checks across malware telemetry and agentic risk

Overview

This Mac helper is purpose-aligned, but it can make persistent administrator-level power-setting changes while overstating rollback and dry-run safety.

Review the shell scripts before running them, and only enter an administrator password if you intentionally want to change system-wide Mac power settings. Prefer the status check or temporary caffeinate mode first, record your current pmset -g settings yourself, and do not rely on the documented --rollback or --dry-run options as implemented safety controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill’s description and safety framing understate the scope and risk of the behavior: it presents itself as a safe assistant for lid-closed operation without peripherals, while indicating it may change system-wide power-management settings such as pmset values and disable sleep-related protections. That mismatch can mislead users into approving privileged changes they do not fully understand, increasing the chance of unsafe headless operation, battery drain, thermal issues, or persistence of degraded power settings after the task is complete.

VirusTotal

66/66 vendors flagged this skill as clean.
