Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
macOS Desktop Control Enhanced
v1.0.0
macOS Desktop Control Enhanced provides system-wide desktop automation on macOS, including screenshot capture, process management, clipboard operations, syst...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md consistently implement macOS-specific capabilities (screenshot, app/process control, clipboard, mouse/keyboard). However the registry metadata lists no OS restriction and declares no required binaries while the implementation depends on macOS commands (screencapture, osascript, pmset, sw_vers, pkill, kill, open). The missing macOS-only designation and absent declared binaries are inconsistent with the skill's purpose.
Instruction Scope
Runtime instructions and scripts perform sensitive system operations: reading and setting the clipboard, capturing screenshots, killing processes, launching/terminating apps, and synthesizing mouse/keyboard events. Those actions are within the stated purpose but are inherently high‑impact. The SKILL.md does not limit when or how these functions should be used, and the code contains implementation errors (see details) that could cause unexpected behavior.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded or installed by the platform. The skill includes local Python scripts which the agent may execute; this is low installation risk but means the scripts will run on the host if invoked.
Credentials
No environment variables, credentials, or config paths are requested. The absence of requested secrets is appropriate for the stated functionality.
Persistence & Privilege
The skill is not marked 'always' and defaults allow autonomous invocation. Autonomous invocation combined with the ability to control input, clipboard, screenshots, and processes increases the blast radius if the agent runs the skill without explicit user oversight. Consider limiting autonomous use for such capabilities.
What to consider before installing
This skill appears to implement the advertised macOS automation features, but several red flags and practical issues mean you should be cautious before installing or enabling it:
- Metadata mismatch: the skill is clearly macOS‑only (it calls macOS utilities) but the registry lists no OS restriction and declares no required binaries. Ask the publisher to mark it macOS-only and declare dependencies.
- Sensitive capabilities: it can read/overwrite the clipboard, capture screenshots, kill processes, and synthesize mouse/keyboard input. Only install if you trust the author and intend to run it on a trusted, isolated macOS machine. These capabilities can be abused to exfiltrate secrets or drive the UI to perform actions without your consent.
- Code quality issues: the included Python has bugs (e.g., uses re.search without importing re, duplicate/contradictory terminate_app definitions, potentially incorrect open/osascript invocations). These are likely to cause errors or unexpected behavior and suggest the package was not thoroughly tested.
- No source/homepage: there is no homepage or canonical source. Prefer skills with a linked repository or vendor page so you can audit changes and provenance.
- Operational safety: macOS will require explicit Screen Recording and Accessibility permissions for many of these operations—verify what permissions will be requested. Test the scripts in a sandbox or disposable environment first.
Recommended next steps before installing:
1) Request the publisher add OS restriction to macOS and list required system commands.
2) Ask for a canonical source (GitHub repo or homepage) and release history.
3) Request fixes for the code issues (import re, correct AppleScript/shell invocation, remove duplicate functions) and a clearer README on permission requirements.
4) Limit autonomous invocation for this skill or require explicit user confirmation before running functions that control input, manage processes, or access the clipboard/screenshots.
If you cannot obtain those assurances, treat this skill as potentially risky and avoid installing it on any machine with sensitive data.
Like a lobster shell, security has layers — review code before you run it.
latestvk97e14kdz5kx1zvja54s5933ax84n349
