ClawHub

Macvital

v1.0.1

Check macOS hardware health: CPU usage, RAM pressure, disk space, temperatures, and top processes. Returns a quick status summary or full breakdown. USE WHEN...

0· 95·0 current·0 all-time
by@wrentheai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: the script runs macOS system utilities (top, vm_stat, sysctl, df, ioreg, powermetrics, ps) to collect CPU, RAM, disk, temperature, and process info. There are no unrelated binaries, env vars, or external services required.
Instruction Scope
SKILL.md instructs only to run the bundled script and documents the commands. The script only executes local system commands and prints results. Note: the script calls 'sudo powermetrics' for die temps (documented) and uses subprocess with shell=True for some fixed command strings; if callers pass untrusted input into those string commands (e.g., arbitrary text injected into the 'n' parameter), shell injection risk could arise. Also there is a bug in RAM percentage math (used_pct calculation multiplies by 1024**3 unnecessarily) that may misreport RAM percent.
Install Mechanism
No install spec; skill is instruction + script only. Nothing is downloaded or written to disk by an installer step.
Credentials
No environment variables, credentials, or config paths are requested. The optional need for sudo to read die temperatures is reasonable and documented.
Persistence & Privilege
Skill is not always-enabled and does not request persistent presence or modify other skills/system settings. It runs ad-hoc when invoked.
Assessment
This skill appears to do exactly what it claims: local macOS health checks using standard system commands, with no network calls or credential access. Things to consider before installing: (1) the script may require sudo to show die temperatures — it will prompt for a password if run interactively; (2) the code uses subprocess for shell commands (some with shell=True). That is fine for fixed commands, but avoid passing untrusted input into CLI args to prevent injection; the author-supplied CLI appears safe, but be cautious if you plan to call the script programmatically with user-supplied strings. (3) There is a minor bug in RAM percentage calculation that may produce incorrect RAM% — treat numeric thresholds with caution. (4) The skill has no homepage and an unknown owner; if you will rely on it long-term, consider auditing the full file (scripts/macvital.py) locally or running it in a controlled environment first. Otherwise it is coherent and proportionate for its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971v7hsbjpfme4trsy0gevbbn834zy6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments