We checked this and rejected itsecurity

Macuse: why it is not safe to use

Macuse passed our review at 88/100; the cautions are about the broad power its Computer Use grants, not any code or data-handling flaw.

What we found

Macuse (macuse-app/macuse-mcp) cleared our automated review with a score of 88/100. The MIT-licensed bundle contains no hardcoded secrets, no obfuscated or eval-style code, no destructive shell commands, and no remote script fetches at runtime. The wrapper itself makes no outbound network calls, and the vendor states that processing stays on the Mac with no content telemetry.

Three items drew a caution rather than a failure, all tied to how the tool works by design:

  • It reads Mail, Messages, and Notes content into the model, so malicious text sitting in your inbox could try to steer the agent toward other apps.
  • Its Universal Computer Use can drive any visible app, including password managers and banking, so it can reach credential screens.
  • That same breadth is effectively wide local control, click and type anywhere, on your Mac.

Each is gated behind native macOS permission prompts and explicit per-app, per-client authorization you can revoke.

What to do instead

You can use Macuse, with care. Grant app access one at a time rather than all at once, keep sensitive apps (password managers, banking) unauthorized or set to re-confirm per action, and treat unexpected inbox instructions with suspicion. Review and revoke permissions periodically.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/macuse-app/macuse-mcp

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Go back to ChatGPT or Claude and paste it to teach the skill.