
Security audit

SidecarOneStep

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed macOS Sidecar automation integration, with a caution around its optional web control server.

Install only if you trust the SidecarOneStep app and its GitHub release source. Before using the web console, check whether it is localhost-only or otherwise protected, use it only on trusted networks, and stop it when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to start/stop an HTTP control server but provides no warning about network exposure, authentication, binding scope, or the risks of remote control interfaces. In the context of a macOS device-control tool with automation and MCP integration, undocumented exposure of an HTTP control surface could lead users to enable remote access unsafely, increasing the chance of unauthorized control or information leakage.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill encourages starting an HTTP control server for remote Sidecar control but does not warn users that this exposes a control interface, nor does it document binding restrictions, authentication, or network-scope limitations. In context, this is more dangerous because the server appears to control device connectivity and possibly display state, so accidental exposure on a local network could allow unauthorized interaction or leak operational data.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.