Mac Compute Use

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about controlling macOS apps, but it gives an agent broad desktop control and screen-reading power with limited safety boundaries.

Install only if you intentionally want an agent to control your Mac desktop. If you do:
  • Review the Homebrew tap and upstream MCP server source first.
  • Supervise use in sensitive apps, and avoid exposing passwords or private messages on screen.
  • Clear /tmp/macos-use after use.
  • Unregister the mcporter server when finished.
  • Revoke Accessibility permission when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is extremely broad and invites use for almost any 'computer use' or 'desktop control' task on macOS. Because this skill can open apps, read UI state, type text, and click arbitrary elements, overly generic invocation language increases the chance an agent will select it in situations involving sensitive apps or data, leading to unintended GUI automation, data exposure, or destructive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents that it can read screen/UI state from any app and that full traversal JSON is written to /tmp/macos-use/, but it does not prominently warn that this may capture sensitive on-screen content and persist it locally. That combination creates a real confidentiality risk because tokens, messages, emails, file names, or other private data visible in the UI may be collected and left behind in temporary files accessible to other local processes or users depending on system configuration.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
```
mcporter config add macos-use --transport stdio --command $(which mcp-server-macos-use)
```

3. Grant Accessibility permission:
   **System Settings → Privacy & Security → Accessibility** → add `mcp-server-macos-use`

4. Verify:
Confidence
93% confidence
Finding
permission: *

Excessive Permissions

Low
Category
Privilege Escalation
Content
```
mcporter config add macos-use --transport stdio --command $(which mcp-server-macos-use)
```

3. Grant Accessibility permission:
   **System Settings → Privacy & Security → Accessibility** → add `mcp-server-macos-use`

4. Verify:
Confidence
89% confidence
Finding
permission: *

VirusTotal

65/65 vendors flagged this skill as clean.
