Macos Click

Security checks across malware telemetry and agentic risk

Overview

The skill matches its macOS automation purpose, but it needs Review because it gives an agent system-wide clicking, dialog, screenshot, and clipboard-adjacent power while understating the privacy and misclick risks.

Install only if you need desktop-level macOS automation and trust the publisher. Grant Accessibility permission only in a controlled terminal or agent environment, avoid running it while confidential material is visible, review any screenshots before sharing or storing them, and require explicit confirmation before actions that could submit forms, approve dialogs, upload files, delete data, or affect accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The safety claim is materially inaccurate. The skill's own instructions include full-screen capture, window enumeration, and native dialog interaction, all of which can expose sensitive on-screen information, filenames, window titles, and user context; describing it as not reading screen content or accessing data understates the privacy impact.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation promotes screenshot capture, coordinate-based clicking, clipboard use, and dialog automation without warning that these actions can affect unrelated apps, expose sensitive screen contents, overwrite clipboard data, or perform unintended clicks if focus changes. In a skill designed for agents, omission of these safeguards raises the chance of privacy loss and destructive misclicks.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script can inject hardware-level mouse input immediately and programmatically once Accessibility permissions are granted, with no in-tool confirmation, policy gate, or scope restriction. In an agent or automation context, this increases the chance of unintended or abusive clicks, including interacting with security prompts, sensitive UI, or destructive controls.

Missing User Warnings

Low
Confidence: 80%
Finding
Invoking System Events through AppleScript enables UI introspection/automation capabilities that are privacy-sensitive on macOS, yet the tool provides no user-facing warning at the point of use. In an automation skill, silent use of these capabilities can surprise users and make downstream misuse easier, even if the current code only queries window metadata.

VirusTotal

64/64 vendors flagged this skill as clean.
