Back to skill

Security audit

clawdbot-macos-build

Security checks across malware telemetry and agentic risk

Overview

The skill is openly for building a macOS companion app, but it asks users to run unpinned remote build code and install a high-privilege app without enough containment or rollback guidance.

Install only if you trust the Clawdbot project and need its macOS companion app. Before running the quick-build block, review or pin the GitHub source, inspect package scripts and scripts/package-mac-app.sh, and understand the app permissions you will grant. Confirm how to stop launchd services, disable remote access, remove deep-link handling, and uninstall the app before approving camera, microphone, screen recording, Accessibility, or remote gateway features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to run `rm -rf clawdbot-build` in `/tmp` without any warning or verification step. Although scoped to a temporary directory and likely intended to ensure a clean build, destructive deletion in copy-paste build instructions can still cause accidental data loss if users had placed important contents in that path or modified the command.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
pnpm ui:build

# Accept Xcode license (one-time)
sudo xcodebuild -license accept

# Build macOS app with ad-hoc signing
ALLOW_ADHOC_SIGNING=1 bash scripts/package-mac-app.sh
Confidence
84% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.