ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mac-system-control

v1.0.0

管理和控制 macOS 系统功能。包括查看系统信息、管理进程、控制音量/亮度、 网络管理、电源管理、截图、剪贴板、Finder 操作等。当用户要求查看系统状态、 控制系统设置、管理进程、截图、调节音量亮度、查看网络信息、 关机重启睡眠等 Mac 系统操作时使用。

0· 523·2 current·2 all-time
bywei.wu@dlutwuwei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md contains macOS commands for system info, process management, audio/brightness, network, power, screenshots, clipboard, and Finder—these directly match the skill name and description. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions run local macOS CLI tools and AppleScript (e.g., system_profiler, pmset, screencapture, pbcopy/pbpaste, networksetup). This matches the stated scope, but several commands are privacy- or safety-sensitive: screencapture and pbpaste/pbcopy access screen and clipboard contents, shutdown/kill/empty-trash are destructive, and curl to ifconfig.me transmits a network request to an external endpoint. The SKILL.md does advise confirming destructive operations, which is appropriate—ensure confirmations are enforced at runtime.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest-risk installation surface (nothing is written to disk by the skill itself). One listed helper (brightness) is optional and notes brew install; nothing is auto-installed by the skill.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system config access beyond standard macOS CLI usage.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request permanent presence or elevated platform privileges. Note: model invocation is enabled by default on the platform (the agent could invoke the skill autonomously); that is normal and not in itself a red flag here.
Assessment
This skill appears coherent for controlling a Mac, but it exposes powerful and privacy-sensitive commands. Before installing or invoking it: ensure the agent prompts you before destructive actions (shutdown, reboot, kill, empty trash), avoid using autonomous invocation if you don't want background changes, be aware screenshots and clipboard access can capture sensitive data, and note that the skill makes an external request (curl ifconfig.me) to learn the public IP. Only run it on devices you trust and require explicit user confirmation for any sudo/destructive commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk9789hz36hvkmxpvaanmtepags83388j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments