Computer Use Macos

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill’s behavior matches its advertised macOS computer-control purpose, but it requires broad local desktop permissions and runs dependency bootstrap commands that users should review.

Install this only if you want an agent to view and control your Mac desktop. Review the bundled dependencies, run it in a trusted local session, grant macOS permissions deliberately, and close sensitive windows or clear sensitive clipboard contents before use.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If installed and invoked, the agent may be able to click, type, launch apps, inspect windows, take screenshots, and interact with the clipboard.

Why it was flagged

The skill exposes broad desktop automation tools that can observe and act on the local machine. This matches the computer-use purpose, but it is powerful.

Skill content

standalone MCP server for screenshots, mouse, keyboard, app launch, display switching context, and clipboard

Recommendation

Use only for tasks where you intentionally want local desktop automation, and keep sensitive apps or documents closed when not needed.

ASI03: Identity and Privilege Abuse
Medium
What this means

Granting these permissions gives the runtime significant ability to see and control what happens on the Mac while it is running.

Why it was flagged

These macOS permissions allow broad observation and control of the desktop. The README discloses them and the code checks them through the MCP flow.

Skill content

macOS still requires:

- Accessibility
- Screen Recording

Recommendation

Grant Accessibility and Screen Recording only if you trust the skill and need its desktop-control functionality; revoke them in macOS settings when no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

It may be harder for a user to independently verify the provenance of the bundled runtime from the registry metadata alone.

Why it was flagged

The registry metadata does not provide a verified source or homepage for the bundled code, even though the package includes a runtime and dependency bootstrap path.

Skill content

Source: unknown
Homepage: none

Recommendation

Install only from a trusted publisher/source and review the bundled project, package lock, and Python requirements if provenance matters to your environment.

ASI05: Unexpected Code Execution
Low
What this means

First run may execute Python and pip commands and install dependencies into the bundled project’s runtime directory.

Why it was flagged

The runtime creates a Python virtual environment and installs dependencies during bootstrap. This is disclosed and central to the standalone runtime, but it is still local command execution and package installation.

Skill content

await runOrThrow('python3', ['-m', 'venv', venvRoot], 'python venv creation'); ... await runOrThrow(pythonBinPath(), ['-m', 'pip', 'install', '-r', requirementsPath], 'python dependency install');

Recommendation

Run the setup in a trusted environment, review dependency files if needed, and avoid invoking the skill if you do not want it to install local runtime dependencies.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

The invoking agent may receive screenshots or clipboard contents that include sensitive information visible on the desktop.

Why it was flagged

Screen and clipboard data are exposed through the local MCP tool interface to the invoking agent. The artifacts present this as local/trusted use, not hidden exfiltration.

Skill content

MCP server for screenshots, mouse, keyboard, app launch, display switching context, and clipboard

Recommendation

Use with trusted local agents only, avoid remote or untrusted MCP clients, and clear or protect sensitive clipboard/screen contents before use.