Apple PIM

Security checks across malware telemetry and agentic risk

Overview

This package is a transparent macOS PIM integration that gives an agent powerful but disclosed access to calendars, reminders, contacts, and Mail.app.

Install only if you want an agent to manage sensitive local calendars, reminders, contacts, and email. Build and trust the Swift CLIs yourself, keep mail attachments disabled unless you need them, use profiles or per-domain config to limit scope, and use dry-run or manual review before send, delete, move, or batch operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 72%
Finding
The plugin performs a process-wide write to APPLE_PIM_MAIL_ATTACHMENTS_CONFIG during initialization, affecting global state shared by other code in the same process. In a multi-plugin or multi-tenant host, this can create configuration confusion, cross-plugin interference, or unintended attachment-handling behavior if one component relies on that environment variable.

Session Persistence

Medium
Category: Rogue Agent
Content
{
  "id": "apple-pim-cli",
  "name": "Apple PIM",
  "description": "macOS-only. Wraps four native Swift CLIs (calendar-cli, reminder-cli, contacts-cli, mail-cli) you build locally from source via ./setup.sh — no binaries are downloaded by the registry. Grants the agent read/write access to Calendar, Reminders, Contacts, and Mail.app (including send/delete) once you approve the corresponding macOS TCC and Automation prompts.",
  "version": "3.8.2",
  "configSchema": {
    "type": "object",
Confidence: 92%
Finding
write access to Calendar, Reminders, Contacts, and Mail.app (including send/delete) once you approve the corresponding macOS TCC and Automation prompts.", "version": "3.8.2", "configSchema": {

VirusTotal

57/57 vendors flagged this plugin as clean.