ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Airfoil

v1.0.1

Control AirPlay speakers via Airfoil from the command line. Connect, disconnect, set volume, and manage multi-room audio with simple CLI commands.

0· 2.1k·4 current·4 all-time
byAndy Steinberger@asteinberger
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior. The script uses osascript to talk to the Airfoil app (connect, disconnect, set volume, list/status) — exactly what the skill advertises. OS restriction (darwin) and required binary (osascript) are appropriate.
Instruction Scope
SKILL.md and the script only interact with the Airfoil app via AppleScript and local command-line utilities. The instructions correctly ask the user to install Airfoil and grant accessibility/automation permissions. Note: granting Terminal/iTerm Automation/Accessibility is sensitive because it allows controlling other apps — the SKILL.md documents this and the script itself contains only direct Airfoil AppleScript calls.
Install Mechanism
No install spec in the skill bundle (instruction-only with a small shell script). The SKILL.md recommends installing Airfoil via Homebrew or rogueamoeba.com, which are reasonable and expected for this purpose. Nothing is downloaded or executed from an untrusted URL by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The requested permissions (Accessibility/Automation) are proportional to using AppleScript to control Airfoil.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or attempt to modify other skills or system configuration. It runs only when invoked and performs local AppleScript operations.
Assessment
This skill appears to do exactly what it says: it runs local AppleScript (osascript) to control the Airfoil app. Before installing or running: 1) Ensure you trust the source and have legitimately installed Airfoil (the app is commercial). 2) Review the included airfoil.sh (it's short and readable). 3) Be aware that granting Terminal/iTerm Automation or Accessibility permissions allows scripts to control apps on your Mac — only grant those permissions if you trust the skill. 4) No network exfiltration or secret access is requested by the skill, but always confirm you installed Airfoil from the official site or Homebrew cask.

Like a lobster shell, security has layers — review code before you run it.

latestvk97195cbt5xf3k9bgp26rtyzt17zwb5q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔊 Clawdis
OSmacOS
Binsosascript

Comments