Safety Report

Mole Mac Cleanup

Name: Mole Mac Cleanup
Rating: 5 (1 reviews)
Author: bjesuiter

Mac cleanup & optimization tool combining CleanMyMac, AppCleaner, DaisyDisk features. Deep cleaning, smart uninstaller, disk insights, and project artifact purge.

2,377Downloads

7Installs

1Stars

3Versions

Security Analysis

high confidence

Clean0.04 risk

The skill's stated purpose (mac cleanup) matches what it requests and instructs: it installs/runs a Homebrew 'mole' binary and tells the agent to run that binary's cleanup/optimize commands — nothing requested is out of scope.

Feb 11, 20261 files1 concern

Purpose & Capabilityok

Name/description, required binary ('mo'), and the install spec (brew formula 'mole') are consistent with a mac cleanup/optimization tool. The SKILL.md documents exactly the 'mo' commands you would expect for this purpose.

Instruction Scopenote

Instructions direct the agent to run destructive system-cleanup commands (clean, optimize, purge) that legitimately belong to a cleanup tool. This is expected, but these commands can delete caches, installers, build artifacts, and may require elevated privileges — the SKILL.md does warn to use --dry-run, which is good practice.

Install Mechanismok

Install spec uses Homebrew (formula: mole) to provide the 'mo' binary. Homebrew is a typical, low-friction install mechanism; user should still verify the formula/tap origin before installing to ensure it points to the expected project.

Credentialsok

No environment variables, secrets, or unrelated credentials are requested. The skill only needs the 'mo' binary and user filesystem access appropriate for a cleanup tool.

Persistence & Privilegeok

Skill is not forced-always, doesn't request persistent system-wide privileges, and doesn't modify other skills. It may require sudo at runtime for some operations, but those privileges are standard for system-cleanup actions and are not requested as credentials in the skill metadata.

Guidance

This skill appears coherent for a mac cleanup tool, but it performs potentially destructive system operations. Before installing or allowing an agent to run it: 1) verify the Homebrew 'mole' formula source (ensure it points to the expected GitHub repo) to avoid installing a malicious build; 2) always run the listed --dry-run and inspect the planned deletions; 3) back up any important data and review ~/.config/mole/purge_paths before running purge; 4) be prepared for sudo/elevation prompts and only grant them interactively after review; 5) if you do not want the agent to autonomously run destructive commands, consider disabling autonomous invocation for this skill or requiring manual confirmation before execution.

Latest Release

v1.1.0

- Added author information to the skill metadata. - Changed metadata formatting structure for improved clarity. - No changes to features or usage instructions.

More by @bjesuiter

Opencode Acp Control

8 stars

Prd

7 stars

0 stars

exe-dev

0 stars

Bridle

0 stars

self-improving-agent

@pskoett · 1,456 stars

Published by @bjesuiter on ClawHub