mac-maintenance-cleanup

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/mole-commands.md suggests an installation method using curl -fsSL https://raw.githubusercontent.com/tw93/mole/main/install.sh | bash, which executes unverified remote scripts directly in the shell.
  • [EXTERNAL_DOWNLOADS]: The skill depends on 'Mole', an external utility hosted on a personal GitHub repository (tw93/mole), and references other tools via Homebrew and RubyGems from sources not included in the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill performs high-risk system operations including rm -rf on user directories, sudo reboot, and modifying system databases via sudo mdutil.
  • [COMMAND_EXECUTION]: The documentation in references/cleanup-best-practices.md suggests establishing persistence on macOS by creating launchd agents (com.user.cleanup.plist) and cron jobs for recurring tasks.
  • [COMMAND_EXECUTION]: The mo touchid command is described as a utility to modify system-level PAM configurations to enable Touch ID for sudo authentication, which alters the core security posture of the operating system.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 5, 2026, 06:55 AM