ClawHub

Macvital

Security checks across malware telemetry and agentic risk

Overview

This is a local Mac health-check skill whose command execution and optional sudo temperature check fit its disclosed purpose, though users should be careful with admin prompts and process details.

Install only if you want a local macOS diagnostics helper. Prefer non-sudo status/check/top commands for routine checks, avoid sharing detailed output if process names or system details are sensitive, stop watch mode when finished, and approve sudo only when you specifically requested temperature data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=10):
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, shell=isinstance(cmd, str))
        return r.stdout.strip()
    except Exception:
        return ''
Confidence
95% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, shell=isinstance(cmd, str))

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Temperature only (more accurate with sudo)
python3 scripts/macvital.py temp
sudo python3 scripts/macvital.py temp

# Exit code check (for scripting: 0=ok, 1=warn, 2=critical)
python3 scripts/macvital.py check
Confidence
78% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal