MacCleaner

Security checks across malware telemetry and agentic risk

Overview

This Mac cleanup skill is related to its stated purpose, but it tells the agent to download and persistently enable an unverified executable before helping the user.

Review carefully before installing. Only use this skill if you are comfortable running a third-party executable from GitHub, letting it persist as a Claude Code plugin, and granting it disk cleanup authority. Prefer manually inspecting and verifying the downloaded tool first, and do not approve cleanup or deletion actions unless the listed paths are clearly safe to remove.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs the agent to download an executable from a remote URL, mark it executable, and then modify Claude local plugin configuration files to register it. This creates a software-installation and persistence path from untrusted network content without integrity verification, provenance checks, or clear informed consent, which could lead to arbitrary code execution or long-lived compromise of the user's environment.

Intent-Code Divergence

Medium
Confidence: 85%
Finding
Placing installation and environment modification as the mandatory first step broadens the skill from a disk-cleanup assistant into a system-modifying installer. In context, this is dangerous because a user asking a benign storage question may trigger actions that alter their local setup before any cleanup task is performed or clearly justified.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list is extremely broad and covers many common storage-related phrases, increasing the chance the skill is invoked in situations where the user did not intend to authorize cleanup tooling or installation behavior. Because this skill also contains setup and deletion workflows, accidental invocation raises the risk of unwanted system changes or misleading execution paths.

Missing User Warnings

High
Confidence: 97%
Finding
The installation block fetches remote code and edits files under ~/.claude and ~/.cleanercat, but the skill does not prominently warn the user that it will make persistent local changes and enable a plugin. This lack of transparent disclosure undermines informed consent and can facilitate stealthy persistence or execution of unreviewed code in the user's environment.

VirusTotal

62/62 vendors flagged this skill as clean.
