macos-accessibility

skills-sh:martinholovsky_claude-skills-generator__macos-accessibility

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Clipboard access with network EXFIL_006

exfiltration L187

Detects clipboard access combined with network operations

XSel + nc

FIX

Restrict DNS queries to legitimate resolution. Block the construction of DNS names that encode arbitrary data (DNS tunneling). Monitor for unusually long or high-entropy subdomains.

FP?

Likely FP if the match is a documentation reference to DNS lookup functionality for legitimate hostname resolution.

LOW

Python subprocess execution CMDEXEC_003

command-execution L248

Detects Python subprocess and os.system calls for command execution in skill descriptions

subprocess.run(

FIX

Pass arguments as an explicit list instead of a shell string. Set shell=False and validate all user-supplied values before inclusion.

FP?

Likely FP if the match is in documentation explaining Python subprocess usage or in a description mentioning it as a topic.