Skill v0.1.0

ClawScan security

Mac Compute Use · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 1:11 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose (macOS GUI automation via an MCP server); nothing requests unrelated credentials or system-wide access beyond the necessary Accessibility permission, but installing third‑party Homebrew taps and granting Accessibility are sensitive and should be trusted explicitly before proceeding.
Guidance
This skill appears internally consistent for controlling macOS GUIs, but you should only install and grant permissions if you trust the MCP server implementation. Before installing: (1) inspect the Homebrew tap/formula and upstream GitHub repo (reedburns/mcp-server-macos-use) to verify code provenance; (2) be aware that granting Accessibility lets the tool read and control any app (it can capture visible text, passwords, messages); (3) confirm you trust mcporter (the skill registers the server with mcporter and may suggest installing mcporter via npm); (4) consider running installation in a disposable account or VM first; (5) remove the Accessibility grant and unregister the server when no longer needed. If you cannot review the upstream source, treat the install as higher risk.

Review Dimensions

Purpose & Capability
ok: The skill is explicitly for macOS GUI automation. Requiring the mcporter binary and installing an mcp-server binary (mcp-server-macos-use) via Homebrew is coherent with that purpose. No unrelated environment variables, credentials, or config paths are requested.
Instruction Scope
note: SKILL.md instructs the agent to open apps, click/type/press/scroll, and read UI traversal JSON written to /tmp/macos-use/. Those actions are expected for a desktop-control tool, but they inherently allow reading screen contents (which may include sensitive data). The instructions do not ask for unrelated files or secrets.
Install Mechanism
note: The included setup script uses Homebrew and a tap (reedburns/mcp-server-macos-use) to install the MCP server and registers it with mcporter. Homebrew is typical for macOS tools, but the tap is a third-party source — you should review the formula/repo before installing. The script also suggests installing mcporter via npm if missing.
Credentials
ok: No environment variables or credentials are requested. The only elevated permission called out is macOS Accessibility (required for UI control), which is proportionate to the stated purpose but grants broad ability to control and read the desktop.
Persistence & Privilege
ok: always is false and the skill does not demand permanent system-wide changes. It registers the MCP server with mcporter (modifies mcporter config), which is appropriate for its functionality and scoped to this tool.