ClawHub

MacOS LaunchDaemon Scheduler

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its advertised macOS scheduling purpose, but its management commands can act on unrelated user LaunchAgents and processes, so users should review it carefully before installing.

Install only if you are comfortable giving the skill user-level LaunchAgent management authority. Use --dry-run first, avoid --yes unless you intentionally need automation, and only pass labels or prefixes you recognize, preferably tasks created by this skill under com.user.launch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The remove command deletes any LaunchAgents plist in ~/Library/LaunchAgents matching a user-supplied prefix, regardless of whether the task was created by this skill. In the context of a launchctl-management skill, this is more dangerous because it can disable or destroy unrelated persistence, automation, or security tooling under the same user account.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
If launchctl start fails, the script reads ProgramArguments from an arbitrary existing plist and executes them directly in the shell context. That turns a scheduling helper into a generic launcher for whatever command is stored in any referenced LaunchAgent, which materially exceeds the stated purpose and can execute attacker-prepared binaries or scripts without further validation.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The stop command accepts any launchd label and then kills the PID returned by launchctl list, without checking that the label belongs to a task created by this skill. In this skill context, that broad scope can terminate unrelated user processes and automation jobs, causing denial of service or operational disruption.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal