ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mac Compute Use

v0.1.0

Control macOS applications via Accessibility API through an MCP server. Open apps, click buttons, type text, press keys, scroll, and read UI state. Use when:...

1· 624·2 current·3 all-time
byEvgeniy@reg2005
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is explicitly for macOS GUI automation. Requiring the mcporter binary and installing an mcp-server binary (mcp-server-macos-use) via Homebrew is coherent with that purpose. No unrelated environment variables, credentials, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to open apps, click/type/press/scroll, and read UI traversal JSON written to /tmp/macos-use/. Those actions are expected for a desktop-control tool, but they inherently allow reading screen contents (which may include sensitive data). The instructions do not ask for unrelated files or secrets.
Install Mechanism
The included setup script uses Homebrew and a tap (reedburns/mcp-server-macos-use) to install the MCP server and registers it with mcporter. Homebrew is typical for macOS tools, but the tap is a third-party source — you should review the formula/repo before installing. The script also suggests installing mcporter via npm if missing.
Credentials
No environment variables or credentials are requested. The only elevated permission called out is macOS Accessibility (required for UI control), which is proportionate to the stated purpose but grants broad ability to control and read the desktop.
Persistence & Privilege
always is false and the skill does not demand permanent system-wide changes. It registers the MCP server with mcporter (modifies mcporter config), which is appropriate for its functionality and scoped to this tool.
Assessment
This skill appears internally consistent for controlling macOS GUIs, but you should only install and grant permissions if you trust the MCP server implementation. Before installing: (1) inspect the Homebrew tap/formula and upstream GitHub repo (reedburns/mcp-server-macos-use) to verify code provenance; (2) be aware that granting Accessibility lets the tool read and control any app (it can capture visible text, passwords, messages); (3) confirm you trust mcporter (the skill registers the server with mcporter and may suggest installing mcporter via npm); (4) consider running installation in a disposable account or VM first; (5) remove the Accessibility grant and unregister the server when no longer needed. If you cannot review the upstream source, treat the install as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97exxk24qz2hr8sr5y39bm645825arv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖥️ Clawdis
Binsmcporter

Comments