v0.1.0

macos-suite-readonly

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:21 AM.

Analysis

This skill matches its read-only macOS query purpose, but it can expose private Mail, Calendar, and Notes information after macOS permission prompts.

Guidance: Install only if you want an agent to perform these read-only macOS queries and are comfortable granting Mail, Calendar, and Notes automation/privacy access. Review JSON outputs before sharing them elsewhere, remember stock quote commands contact qt.gtimg.cn, and verify the publisher/source because no homepage or source repository is listed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
scripts/main.py
cmd = ["osascript", "-"] ... subprocess.run(cmd, input=input_text, text=True, capture_output=True)

The skill executes AppleScript through a local command runner, which is expected for macOS app queries but still gives the skill local automation capability.

User impact: When invoked, the skill can run AppleScript under the user's macOS session to query local apps.
Recommendation: Use the documented commands only for intended queries and pay attention to macOS permission prompts.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none

The artifacts do not provide an external source repository or homepage for independent provenance checking.

User impact: Users have less external assurance about the publisher and code history for a skill that requests privacy-sensitive local app access.
Recommendation: Review the bundled files and verify the publisher before granting macOS privacy permissions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Read unread mail, calendar events, and search notes ... The first invocation may trigger a system permission prompt (Automation/Privacy).

The skill explicitly accesses personal Mail, Calendar, and Notes data through macOS privacy/automation permissions.

User impact: JSON results can reveal private message subjects/senders, calendar details, and note snippets to the agent.
Recommendation: Grant macOS Automation/Privacy permissions only if you are comfortable with those data types being read; revoke permissions in macOS settings if no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: Medium; Status: Note
scripts/main.py
items.append({"title": r[0], "modified": r[1], "snippet": r[2]})

Notes content is returned into the agent's context as data; note text, email subjects, or calendar titles could contain untrusted instructions if the agent over-trusts retrieved content.

User impact: A malicious or misleading note/email/calendar entry could influence an agent if it treats returned text as instructions instead of data.
Recommendation: Treat all returned Mail, Calendar, and Notes content as untrusted data and do not let it override user instructions or safety rules.