macos

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates arbitrary command execution using the Python subprocess module to perform file operations, query system information, and monitor resources.
  • [COMMAND_EXECUTION]: Includes instructions for privilege escalation by recommending the use of sudo to bypass system permission errors during command execution.
  • [COMMAND_EXECUTION]: Enables system persistence mechanisms through the use of launchctl to load and manage background daemons and services via plist files.
  • [COMMAND_EXECUTION]: Utilizes osascript to execute AppleScript, allowing the agent to interact with the macOS GUI and control installed applications.
  • [COMMAND_EXECUTION]: The skill presents an attack surface for indirect prompt injection by dynamically constructing shell commands from user-provided JSON payloads and queries without explicit sanitization logic or defined boundary markers.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:44 PM