macos-audio

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward macOS audio-control skill, but installing it lets an agent change live audio routing, Bluetooth connections, volume, and playback when asked.

Install this only if you want an agent to manage your Mac's audio devices. Review requests before allowing connect, disconnect, AirPlay routing, playback, or volume changes, and verify that you trust the Homebrew tap and dependencies before installing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly enables system-changing actions such as switching audio outputs, connecting Bluetooth devices, changing system volume, and starting playback, but it does not warn that these actions affect the host machine immediately. In an agent setting, that omission can lead to surprising or unwanted state changes, privacy issues, or disruption of active audio sessions because the agent may invoke these commands without clearly signaling impact to the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal