Mu Pet

Verdict: Warn

Audited by ClawScan on May 10, 2026.

Overview

The desktop pet mostly matches its description, but its localhost control API can be abused to run code inside a persistent Electron app.

Review or patch the local API before installing. If you still use it, prefer manual launch over auto-launch, install only on macOS, pin dependencies, and avoid sending untrusted text or state values to the localhost API.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A local process that can reach the pet API may be able to run commands as the user, rather than only changing the pet's animation state.

Why it was flagged

The localhost POST body controls values inserted into an executeJavaScript string, while the Electron renderer has Node integration enabled and context isolation disabled. This can turn a state-change API into arbitrary JavaScript/Node execution for a local caller.

Skill content

const { state, status, bubble, duration } = req.body || {}; ... win.webContents.executeJavaScript(`window.setState("${state}", "${text}", ${dur})`); ... nodeIntegration: true, contextIsolation: false

Recommendation

Do not run this version as a persistent app unless the API is fixed. Validate state against an allowlist, require numeric duration, pass data via IPC/JSON instead of string-built JavaScript, enable contextIsolation, and disable nodeIntegration where possible.
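As an added example (not the Mu Pet project's own code), this is the hardened shape the recommendation describes: state is checked against an allowlist, duration must be a finite number, and the validated object is delivered to the renderer as structured IPC data instead of being interpolated into an executeJavaScript string. The Express handler shape, the `win` BrowserWindow, the channel name 'pet:set-state', the state names, the default duration and the size limits are all assumptions for illustration.

```javascript
// Added example, not the project's code. Names, limits and the IPC channel are assumed.
const ALLOWED_STATES = new Set(['idle', 'walk', 'sleep', 'happy']); // assumed renderer states
const MAX_BUBBLE_CHARS = 200;
const MAX_DURATION_MS = 60000;

// Validate the POST body. Returns { ok: true, value } with a plain JSON-safe
// object, or { ok: false, error } naming the first rejected field.
// Nothing here is ever spliced into JavaScript source text.
function validateStateRequest(body) {
  const { state, bubble, duration } = body || {};
  if (typeof state !== 'string' || !ALLOWED_STATES.has(state)) {
    return { ok: false, error: 'state must be one of ' + [...ALLOWED_STATES].join(', ') };
  }
  let text = '';
  if (bubble !== undefined) {
    if (typeof bubble !== 'string') return { ok: false, error: 'bubble must be a string' };
    // Strip control characters and cap the length; the renderer must still
    // display this via textContent, never innerHTML.
    text = bubble.replace(/[\u0000-\u001f\u007f]/g, '').slice(0, MAX_BUBBLE_CHARS);
  }
  let dur = 3000; // assumed default
  if (duration !== undefined) {
    // Require a real finite number: strings, NaN, Infinity and objects are rejected.
    if (typeof duration !== 'number' || !Number.isFinite(duration) || duration < 0) {
      return { ok: false, error: 'duration must be a non-negative number' };
    }
    dur = Math.min(Math.floor(duration), MAX_DURATION_MS);
  }
  return { ok: true, value: { state, text, dur } };
}

// Express-style handler factory. Instead of
//   win.webContents.executeJavaScript(`window.setState("${state}", "${text}", ${dur})`)
// the validated object travels over IPC; a preload script (contextIsolation: true,
// nodeIntegration: false) exposes only a narrow onSetState(callback) to the page
// through contextBridge, so the page never sees Node APIs.
function makeSetStateHandler(win) {
  return (req, res) => {
    const result = validateStateRequest(req.body);
    if (!result.ok) return res.status(400).json({ error: result.error });
    win.webContents.send('pet:set-state', result.value);
    return res.json({ ok: true });
  };
}
```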

What this means

The pet may request or rely on macOS automation/accessibility behavior to detect the active window position.

Why it was flagged

The app executes a local AppleScript command to inspect the frontmost window bounds. This matches the stated window-avoidance feature, but it is still shell-based OS automation.

Skill content

const { execSync } = require('child_process'); ... execSync(`osascript -e '${script.replace(/'/g, "'\\''")}'`, { timeout: 1000 })

Recommendation

Keep this command limited to window geometry, avoid adding user-controlled input, and disclose any macOS permissions users may need to grant.

What this means

If installed with this script, the pet will keep running after login until the LaunchAgent is unloaded or the uninstall script is run.

Why it was flagged

The installer creates and loads a macOS LaunchAgent that starts the pet on login and keeps it alive. This is coherent with an always-on desktop pet and is also documented in SKILL.md.

Skill content

<key>RunAtLoad</key><true/> ... <key>KeepAlive</key><true/> ... launchctl load "$PLIST"

Recommendation

Only use the installer if you want auto-launch. Otherwise run the app manually, and use the provided uninstall script or remove the LaunchAgent to stop persistence.

What this means

Installation may download dependency versions that are not exactly the ones reviewed in these artifacts.

Why it was flagged

The app depends on npm packages using caret version ranges, and no lockfile is included in the manifest. A user-directed npm install may resolve newer compatible dependency versions.

Skill content

"dependencies": { "electron": "^35.0.0", "express": "^4.21.0" }

Recommendation

Use a package lockfile or exact pinned versions, and install only from a trusted npm environment.