Airpoint

Security checks across malware telemetry and agentic risk

Overview

Airpoint is transparent about controlling a Mac, but it gives an AI broad screen-reading and click/type authority with limited safety boundaries.

Install only if you trust the Airpoint app and its configured AI providers with what appears on your screen and with control of your keyboard and mouse. Use narrow, supervised tasks. Avoid private messages, secrets, financial/account actions, and security settings unless you explicitly intend them. Prefer waiting mode over `--no-wait`, review screenshots/results, and revoke macOS Accessibility or Screen Recording permissions when not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill exposes a very broad natural-language control surface for a full computer-use agent without meaningful scope limits, denied-action categories, or explicit confirmation boundaries. Because it can be invoked for arbitrary tasks that open apps, click UI, type text, and read screen contents, ambiguous or malicious prompts could drive unintended high-impact actions.

Missing User Warnings

High
Confidence: 96%
Finding
The skill explicitly advertises the ability to see the screen, read on-screen text, type, click, and control windows, but it does not prominently warn that this grants access to sensitive data and the ability to perform consequential system actions. In context, this is especially risky because the tool operates on a real macOS desktop with Accessibility and Screen Recording permissions, enabling privacy compromise and potentially dangerous system manipulation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The examples encourage reading notifications and summarizing email, which normalizes access to potentially sensitive personal or business information without warning about confidentiality, consent, or data-handling implications. That increases the chance users will invoke the agent on private content without understanding that screenshots, model processing, or summaries may expose sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.
