Skillv1.0.0

ClawScan security

MacOS LaunchDaemon Scheduler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 2:05 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its stated purpose (creating and managing user-level launchd/launchctl scheduled tasks), but review the script and be cautious about the --yes skip-confirm option and the fact it will write persistent plist files in your user LaunchAgents folder.
Guidance: This skill appears to do what it says (manage user-level launchd tasks). Before installing or running it: 1) Verify you will run it on macOS and inspect the full scripts yourself (scripts/macos_launchctl.sh) to ensure no unexpected commands or network access; 2) Test with --dry-run to preview generated plist contents and paths; 3) Confirm the displayed plan and plist content before allowing actual writes/launchctl load; avoid using the --yes flag unless you deliberately want non-interactive automation; 4) Check any generated plist files in ~/Library/LaunchAgents and the .plist.bak backups before trusting them; 5) If you allow an agent to invoke skills autonomously, be aware it could create persistent scheduled jobs — restrict autonomous invocation or monitoring if you want tighter control.

Review Dimensions

Purpose & Capability: okName/description match the actual behavior: the SKILL.md and included bash script generate plist files, write them to ~/Library/LaunchAgents, and call launchctl/open/osascript to start/stop apps. The required capabilities are coherent with a macOS launchd scheduler. Note: the skill relies on macOS builtins (launchctl, open, osascript, mdfind) even though the registry metadata lists no required binaries; this is expected for a macOS-only tool but worth verifying you run it on macOS.
Instruction Scope: noteSKILL.md keeps scope focused on scheduling apps via launchd and documents a preview/confirmation flow and dry-run. It references only relevant files (plist path, ~/Library/LaunchAgents, /tmp logs) and uses mdfind/open/osascript for app resolution and control. One behavioral caveat: the instructions strongly recommend preview+confirmation, but the script provides a --yes option to skip confirmation (intended for automation). That means real enforcement relies on agent/user behavior rather than a sandboxed restriction.
Install Mechanism: okNo install spec — instruction-only with a bundled script. Nothing is downloaded from the network or written to system-wide locations by an installer. Risk is limited to executing the provided script on a macOS user account.
Credentials: okThe skill requests no credentials or environment variables. It only operates on user-level paths and uses standard macOS commands. No unrelated secrets or external service tokens are required.
Persistence & Privilege: noteThe script creates persistent user-level LaunchAgent plist files (~/Library/LaunchAgents) and uses launchctl to load/unload them. That's an intended capability for a scheduler, but it results in persistent behavior on the user's account. Coupled with autonomous invocation and the --yes flag, there is a non-zero risk that an automated agent could create scheduled tasks without interactive confirmation — the SKILL.md prescribes confirmation, but it isn't enforced by the system.