Peekaboo 1

Security checks across malware telemetry and agentic risk

Overview

This skill transparently documents a powerful macOS UI automation CLI, and the sensitive capabilities match its stated purpose.

Install only if you want an agent to automate your Mac UI. Avoid running it while sensitive content is visible or on the clipboard, review actions before letting it click or type into important apps, and revoke Screen Recording/Accessibility permissions when you no longer need the tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
This skill exposes highly privileged macOS UI automation capabilities including screen capture, input synthesis, clipboard access, dialog interaction, app control, and script execution, but it does not present clear safety boundaries, consent requirements, or warnings about destructive and privacy-impacting use. In an agent context, these features can be chained to read sensitive on-screen data, manipulate user applications, approve prompts, or exfiltrate clipboard contents, making the omission materially risky even if the documentation appears neutral.

VirusTotal

64/64 vendors flagged this skill as clean.
