ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

macos-security-scan

v1.0.0

Scans a macOS computer for signs of tampering, malware, keyloggers, and suspicious activity — especially useful after a device has been sent for repair or ha...

0· 199·0 current·0 all-time
by@vincentyao

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vincentyao/macos-security-scan.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "macos-security-scan" (vincentyao/macos-security-scan) from ClawHub.
Skill page: https://clawhub.ai/vincentyao/macos-security-scan
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install macos-security-scan

ClawHub CLI

Package manager switcher

npx clawhub@latest install macos-security-scan
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included script: the script enumerates processes, launch items, TCC privacy entries, kernel extensions, network connections, and system security settings — all coherent with a macOS security scan. However, the skill metadata claims no required binaries while the script calls many macOS tools (csrutil, spctl, fdesetup, sqlite3, lsof, osascript, ps, etc.). Not declaring these dependencies in the registry is an inconsistency to be aware of.
!
Instruction Scope
The SKILL.md instructs the agent to run the bundled script (optionally with sudo) and to 'always use this skill' for post-repair checks. The script performs many sensitive, read-only operations (reading TCC.db, scanning launch agents/daemons, listing processes and network connections). Those reads are expected for a scan, but they are privacy-sensitive. The 'always use' directive is scope creep because it encourages the agent to run this scan proactively even when the user hasn't explicitly requested it.
Install Mechanism
There is no install spec and this is effectively an instruction + included script. That minimizes supply-chain risk (no external downloads). The skill does include a local Python script which will be copied with the skill — review it before running.
Credentials
No environment variables or external credentials are requested, which is proportionate. The only elevated access requested is optional sudo for deeper reads. Be aware the script reads sensitive local artifacts (TCC.db, /Library, LaunchAgents, process lists) — this is expected but sensitive; the skill does not declare the full set of system binaries it will call.
!
Persistence & Privilege
always:false (good) but model invocation is allowed (normal). Combined with the SKILL.md instruction to 'always use' the skill for post-repair checks, there's a risk the agent will run the scan without a clear, explicit user prompt. The skill does not modify system state, but it can create a report file on the user's Desktop and will read many privacy-sensitive artifacts.
What to consider before installing
This skill appears to be doing what it says — a read-only macOS security scan — but take these precautions before installing or running it: - Inspect the included script (scripts/scan.py) yourself or have someone you trust review it. The skill ships code that will be executed locally; make sure you are comfortable with it. - The script reads sensitive system data (TCC.db for privacy permissions, launch plists, process lists, network connections). That is expected for a scan, but understand the privacy implications of generating a report that may contain process names, installed items, and app permission lists. - Run the scan without sudo first to limit the scope of reads. Only use --sudo if you explicitly agree and understand that it will attempt to access system-wide databases. - Confirm the agent will not run this skill automatically in contexts you don't expect. The SKILL.md's 'always use' guidance is a behavioral instruction to the agent — ensure the agent only runs the scan when you explicitly want it. - Because the registry metadata does not list the system utilities the script calls, ensure the execution environment has standard macOS tools (csrutil, spctl, fdesetup, sqlite3, lsof, osascript) and be aware of how the script will behave if some of those tools are missing. If you want higher assurance, run the script locally from a terminal (reviewing it first) rather than letting an automated agent run it autonomously, and avoid sharing the generated report unless you trust the recipient.

Like a lobster shell, security has layers — review code before you run it.

latestvk975rzf16626r2swrhczd9sryh834wk2
199downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@vincentyao
latest
Download

macOS Security Scan Skill

This skill runs a comprehensive, read-only security scan of a macOS machine and produces a detailed report. It is safe to run — it only reads system state and never modifies anything.

Workflow

Step 1 — Explain to the user what will happen

Tell the user:

  • The scan is read-only and safe. Nothing will be changed or deleted.
  • Some checks (marked with ⚠️) produce richer results when run with sudo, but all checks work without it.
  • The scan takes about 30–60 seconds.
  • A report file will be saved when done.

Ask: "Ready to run the scan? And do you want to run it with sudo for deeper results, or without sudo to keep it simple?"

Step 2 — Run the scan script

Once the user confirms, run:

python3 scripts/scan.py [--sudo] --out ~/Desktop/security_report.md

Pass --sudo only if the user agreed to it. The script handles all checks and writes the report file.

Step 3 — Summarise findings in chat

After the script finishes, read the report and give the user a plain-English verdict in chat:

  • Looks clean — No significant threats found. Briefly note what was checked.
  • ⚠️ Needs attention — List the specific findings that look suspicious, explain what each one means in plain language, and recommend next steps.
  • 🚨 Serious concern — If any high-confidence indicators are found (active keylogger, known malware process, suspicious kernel extension), say so clearly and recommend they contact Apple Support or a security professional before using the device for sensitive tasks.

Always remind the user: this scan is a good first check, but it is not a replacement for dedicated antivirus software.

Step 4 — Point the user to the report file

Tell them the report has been saved to ~/Desktop/security_report.md and they can open it in any text editor or share it with a professional.

What the Scan Checks

CategoryWhat is checked
Keyloggers & input monitorsProcesses with Accessibility / Input Monitoring permissions; IOHIDFamily kernel extensions
Suspicious background processesRunning processes cross-referenced against a known-bad list; processes with no bundle ID hiding in temp folders
Launch agents & daemonsStartup items in all LaunchAgent / LaunchDaemon directories, flagging unknown or recently added items
Network connectionsActive connections, listening ports, and processes making outbound connections to non-Apple IPs
Recently installed softwareApps and packages installed in the last 14 days
Login itemsItems set to launch at login via System Settings
Kernel extensions (kexts)Third-party kexts loaded into the kernel
Browser extensionsInstalled extensions for Safari, Chrome, and Firefox
Privacy permissionsApps with Camera, Microphone, Screen Recording, Accessibility, Full Disk Access
System Integrity ProtectionWhether SIP is enabled (disabled SIP is a red flag)
GatekeeperWhether Gatekeeper is enforcing app signing
FileVaultWhether disk encryption is active

Interpreting Results

Guide the user using these thresholds:

Green (normal)

  • SIP enabled, Gatekeeper on, FileVault on
  • No unknown kexts
  • No processes in /tmp, /var/folders, or home-directory hidden folders
  • Launch agents all belong to known software the user recognises
  • No unusual Accessibility or Screen Recording permissions

Yellow (worth investigating)

  • Apps with Screen Recording or Accessibility access the user doesn't recognise
  • Launch agents with random-looking names or paths in unusual locations
  • Software installed in the days around the repair that the user didn't install
  • Open ports the user doesn't expect

Red (act now)

  • SIP disabled
  • Unknown kernel extensions
  • Processes actively keylogging (IOHIDFamily hooks from unknown processes)
  • Known malware process names (see scripts/scan.py bad-list)
  • Outbound connections from hidden processes to non-standard IPs

Notes for the Agent

  • Never make the user feel panicked unnecessarily. Many yellow flags are legitimate (e.g. Logi Options has Accessibility access, Zoom has Screen Recording). Always say "check whether you recognise this" before calling something suspicious.
  • If the user asks what a specific process or item is, look it up or explain it — don't just say "unknown".
  • If the user wants to remove something, do NOT do so automatically. Guide them to System Settings or explain the manual removal steps. The scan is read-only; remediation is a separate, deliberate action.

Comments

Loading comments...