ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

application-use

v1.0.0

Automate macOS tasks by opening apps, clicking elements, filling forms, typing, scrolling, and controlling the desktop via CLI commands.

0· 43·0 current·0 all-time
byWei Qiang@qdore
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (macOS desktop automation) matches the SKILL.md usage (open/click/fill/scroll), but the registry metadata lists no required binaries while the SKILL.md explicitly instructs installing and running an 'application-use' npm CLI. The allowed-tools entry also references Bash(./application-use:*), which implies a local binary; these mismatches (no required binary declared, no install spec in registry, but an npm install command in the README) are inconsistent and worth verifying.
!
Instruction Scope
Instructions tell the agent to take snapshots/screenshots and interact with UI elements — behavior that can capture sensitive screen content (passwords, personal data) and control the desktop via accessibility APIs. The SKILL.md does not constrain what to capture or warn about sensitive content, and it includes examples that access user file paths. While these actions are coherent with desktop automation, they expand the agent's ability to observe and manipulate local sensitive state and should be treated as high-risk.
!
Install Mechanism
No install spec was provided in the registry metadata, but the SKILL.md tells users to run 'npm i -g application-use' (a global npm install). Installing an unknown npm package globally is a moderate-to-high risk because it executes third-party code with system-level accessibility privileges on macOS. There is no homepage or source URL in the registry metadata to verify package provenance.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, macOS desktop automation typically requires granting Accessibility / Automation permissions to the installed binary; granting those permissions gives the tool broad control of the desktop. The SKILL.md does not document that requirement or recommend permission scoping.
Persistence & Privilege
The skill is not always-enabled and doesn't request to modify other skills or global agent settings (good). Still, the runtime behavior (a CLI that drives the GUI) implies it will require OS-level accessibility privileges once installed — this is powerful and should be considered when granting permissions.
What to consider before installing
This skill's purpose (macOS automation) is plausible, but there are red flags you should address before installing: - Verify provenance: the registry provides no homepage/source. Search npm for 'application-use', inspect the package author, recent versions, and read the package source before installing. Prefer installing only from trusted, audited packages. - Avoid blind global installs: 'npm i -g' installs a binary system-wide. If you test, do so in a disposable account or VM and avoid granting Accessibility permissions to unknown binaries. - Accessibility and screenshots are powerful: the tool will likely require macOS Accessibility/Automation permissions and can capture screenshots/snapshots that may include passwords or private data. Only grant such permissions if you trust and have inspected the code. - Confirm CLI location/usage mismatch: the SKILL.md references both a global npm package and a local './application-use' binary. Ask the skill author which binary is required and why no required-binaries or install spec exists in the registry metadata. - If you cannot validate the package source or review its code, decline installation or request a vetted alternative. If you proceed, limit exposure (use a test account, sandbox, or VM) and monitor for unexpected network or system activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sk1s2kfzqysrgagsqbc46183vspj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments