ClawHub

cleanMyMacSkill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent disk-usage analysis and cleanup skill, but users should treat its interactive delete mode as a real file-removal tool.

Install only if you want a tool that can help clean disk space. Use the static report or trash mode for safer review, and click permanent delete only after checking every listed path because that operation is intentionally destructive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The README describes the tool as a read-only storage analysis helper, but the same document also advertises active cleanup actions including moving files to trash and direct deletion through a local web server. This mismatch can mislead users or integrating agents into granting broader trust than warranted, increasing the chance of unintended destructive actions.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation says red-category application binaries cannot be deleted from the web backend, while the broader README also promotes direct web-based deletion capabilities. Conflicting safety claims create ambiguity about what the backend actually permits, which can cause operators or agents to overtrust the protection boundaries and trigger unsafe deletions.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The README presents the skill as 'read-only' while also advertising cleanup and deletion capabilities through a local web server. This mismatch can mislead users and downstream agents into granting trust or permissions under false assumptions, increasing the chance of unsafe execution of destructive actions.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Claiming read-only behavior in documentation while later describing deletion functionality is a security-relevant trust issue, especially for an agent-integrated skill that may be selected based on safety characteristics. In this context, deceptive or inaccurate safety claims can cause users or orchestrators to invoke a tool in environments where any write/delete capability is unacceptable.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The HTML report is not purely read-only: it exposes one-click trash, permanent delete, and file-manager open actions through JavaScript that call a backend when DELETE is configured. In the context of a storage-analysis skill, this is dangerous because users may trust the interface as an informational report while it can actually initiate destructive filesystem operations.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The footer states that command snippets are only for manual terminal use, but the same page can trigger web-based cleanup actions directly. This mismatch can mislead users and reviewers about the actual capability of the page, reducing informed consent and increasing the chance of accidental destructive actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The quick-start instructions encourage launching a one-click cleanup web service and performing deletion or trash operations without a prominent warning about irreversible data loss, permission implications, or the need to review targets carefully. In an agent-oriented skill, this omission is more dangerous because users may follow automated suggestions with less scrutiny.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The feature list advertises direct permanent deletion from the web UI as a supported capability but does not pair it with an equally clear safety warning. Because this skill is designed for AI-agent use and targets disk cleanup, understated warnings materially increase the risk of accidental destructive operations on user systems.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly promotes 'one-click trashing' and 'permanent deletion' from a local web interface, but does not provide a prominent warning about irreversible data loss, confirmation requirements, or safe-use constraints. In an AI-agent skill context, this is more dangerous because the documentation encourages operational use of destructive actions and may normalize unsafe automation of file deletion by users or agents.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad everyday storage-related queries such as 'clean disk', 'free up space', and 'caches', which increases the chance of accidental invocation in benign conversations. In this skill's context that is more dangerous because invocation can lead to shell-based scanning, report generation, local server startup, and potentially one-click deletion paths, expanding exposure beyond a harmless informational response.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The UI allows one-click permanent deletion and sends target paths plus operation mode to a backend endpoint, but the adjacent code-facing text does not clearly disclose that a network request containing filesystem targets will be made. In a local cleanup tool this is especially sensitive because it normalizes hidden destructive RPC behavior and can obscure the trust boundary between browser UI and privileged backend actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal