Skill v1.0.0
ClawScan security
Mac Use 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 1:24 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, install steps, and requested permissions align with its stated purpose (macOS GUI automation); it operates locally, requires standard macOS accessibility and screen-recording permissions, and does not request unrelated credentials or external installs.
- Guidance: This skill appears coherent and implements on-device macOS GUI automation. Before installing: (1) Inspect the script if you want extra assurance (it runs locally and uses /tmp for screenshots); (2) only grant Screen Recording and Accessibility to a host process you trust (prefer a Terminal session for testing rather than a long-lived background gateway process — granting these permissions to a daemon gives that process full visual/input access); (3) remember screenshots capture whatever is visible, so avoid running it while sensitive data (passwords, 2FA codes, private documents) is on-screen; (4) pip will install native macOS bindings (pyobjc) and pyautogui — review those package versions if you require strict dependency provenance. If you need automated or background use, plan how you manage host-process permissions carefully because those permissions are powerful.
Review Dimensions
- Purpose & Capability (ok): The skill is a macOS GUI automation tool and requests exactly the things needed for that: python3, pyobjc Vision, pyautogui, Pillow, use of screencapture/osascript, and macOS Screen Recording and Accessibility permissions. There are no unrelated binaries, credentials, or config paths requested.
- Instruction Scope (ok): SKILL.md and the included script instruct the agent to capture screenshots to /tmp, run on-device OCR, and move/click/type inside visible windows. The instructions do not reference unrelated files, external endpoints, or additional environment variables. It explicitly warns about typing secrets (clipboard) and documents the required macOS permissions.
- Install Mechanism (ok): Install uses Homebrew to ensure python3 is available and pip to install well-known Python packages from PyPI (pyobjc-framework-Vision, pyautogui, Pillow). No arbitrary downloads or obscure URLs are used. This is a standard install approach for a Python macOS automation script.
- Credentials (ok): No environment variables, secrets, or unrelated credentials are requested. The skill requires macOS accessibility and screen-recording permissions for the host process, which are proportional and necessary for GUI control and screenshot capture.
- Persistence & Privilege (ok): The skill does not set always:true and doesn't request to modify other skills or global agent configuration. It writes temporary artifacts to /tmp (annotated image and element JSON), which is consistent with its function. The only elevated privilege implication is granting Screen Recording and Accessibility to whichever host process runs the script (standard for this kind of automation).
