swift-macos

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Swift/macOS development skill that covers sensitive APIs, but the behavior is disclosed and aligned with its stated purpose.

Install/use this skill only if you want a broad Swift/macOS development reference. Review generated code and commands before running them, especially anything that records screen/audio, requests microphone or TCC permissions, registers login items or agents, creates daemons, stores Apple credentials, signs/notarizes apps, or executes remote installer commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The documentation goes beyond ordinary macOS app integration and includes concrete guidance for LaunchAgents and LaunchDaemons, including root-running services. While these APIs are legitimate, documenting them without strong scope limits, trust boundaries, and user-consent guidance increases the chance that downstream agents or developers will build persistent privileged components that are unnecessary for the stated skill scope.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill provides ready-to-use ScreenCaptureKit examples for screen, app-audio, and microphone capture without pairing them with explicit privacy, consent, and TCC-permission guidance. In a code-generation context, this can normalize or accelerate implementation of surveillance-capable features that capture sensitive user data, especially because the examples include audio capture and target-app filtering.

Missing User Warnings

Medium
Confidence: 98%
Finding
The document recommends `curl -L https://swift.org/install | bash`, which executes remotely fetched content immediately without verification, pinning, or inspection. Even though this appears intended as convenience documentation, it normalizes a risky installation pattern that could lead to arbitrary code execution if the remote endpoint, transport chain, or distribution process is compromised.

Missing User Warnings

Medium
Confidence: 88%
Finding
The process-observation and per-process audio examples describe how to enumerate running apps and infer which apps are actively using audio I/O, which can reveal sensitive user behavior such as calls or app usage patterns. The lack of an explicit privacy notice, consent flow, retention limits, and platform-policy warnings makes this dangerous because it normalizes surveillance-capable features without safeguards.

Missing User Warnings

Medium
Confidence: 91%
Finding
The login item, agent, daemon, and background-app sections provide ready-to-use persistence mechanisms but do not clearly warn that these create continuous or login-triggered background execution on the user's system. In practice, this lowers the barrier to implementing stealthy persistence patterns, especially when combined with LSUIElement or helper/agent deployment.

VirusTotal

65/65 vendors flagged this skill as clean.
