Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Computer Use Macos
v0.2.2Top-level macOS computer-use skill with a bundled standalone runtime that bootstraps itself without any local Claude installation, private native modules, or...
⭐ 0· 94·0 current·0 all-time
by@wimi321
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name and description (macOS computer-use) match the included code: TypeScript 'computer-use' tools, a Python helper (mac_helper.py), and an MCP server entrypoint. One mismatch to note: registry metadata claimed 'instruction-only', but the bundle contains a full project with compiled JS and runtime scripts — this is coherent with the stated purpose but means the skill includes executable code rather than being purely prose.
Instruction Scope
SKILL.md instructs building and running the bundled project (npm install, npm run build, node dist/cli.js). The runtime explicitly bootstraps a Python venv and runs a Python helper to take screenshots, control mouse/keyboard, enumerate apps, read/write clipboard, etc. Those actions are exactly within 'computer-use' scope; the instructions do not ask for unrelated system secrets or to scan other agent installations.
Install Mechanism
There is no platform install spec in the registry (install is via the included scripts or ClawHub), but the project will create ~/.codex/skills/computer-use-macos/project, a .runtime/venv, and will run pip to install dependencies from runtime/requirements.txt. The install flow fetches packages from PyPI (not arbitrary URLs) — standard but means network fetches and code will be written to disk on first run.
Credentials
The skill requires no credentials or secret environment variables. Optional environment flags are local configuration knobs (CLAUDE_COMPUTER_USE_*). The code reads a few local env vars (e.g., CODEX_THREAD_ID for lock/session id) and creates files under the user's home; no extraneous credentials are requested.
Persistence & Privilege
always:false (normal). The skill runs a long-lived MCP server process and writes state under the project (.runtime/venv) and a lock under ~/.macos-computer-use-skill. It also requires and will exercise macOS Accessibility and Screen Recording permissions — appropriate for this capability but sensitive. The README asks callers to treat this host as 'trusted-local only.'
Assessment
This bundle appears to implement a real macOS automation/MCP server and is internally consistent with its description — not a credential-exfiltrator by design. Before you install or run it: 1) inspect runtime/requirements.txt and runtime/mac_helper.py (these will be installed/executed by pip/python on first run); 2) review the install script (skill/.../scripts/install.sh) and verify the path it will copy into (~/.codex/skills/...); 3) be aware the skill will request Accessibility and Screen Recording permissions and can capture screenshots, control mouse/keyboard, read/write the clipboard, list apps, and open apps — grant those only if you trust the source; 4) note it will create a venv and install packages from PyPI (network fetches); if you are unsure about trust, run it in an isolated/test macOS account or VM and verify behavior before using on a primary machine; 5) the package metadata lacks a homepage and the registry owner id is present — consider checking the upstream GitHub/ClawHub repo (listed in READMEs) and verifying the publisher identity before full trust.project/dist/lib/execFileNoThrow.js:4
Shell command execution detected (child_process).
project/src/lib/execFileNoThrow.ts:9
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
automationvk9745kv9me6g9rgez77qwff7rd83ygnwcomputer-usevk9745kv9me6g9rgez77qwff7rd83ygnwlatestvk9745kv9me6g9rgez77qwff7rd83ygnwmacosvk9745kv9me6g9rgez77qwff7rd83ygnwmcpvk9745kv9me6g9rgez77qwff7rd83ygnwskillvk9745kv9me6g9rgez77qwff7rd83ygnw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.