
Summary
This detection rule identifies potentially malicious behavior on macOS systems where an attacker attempts to collect data from the system clipboard using the osascript utility. The rule monitors process creation events for executions of the osascript command whose parameters refer to the clipboard. Because clipboard contents can include sensitive information, unauthorized access to or collection of that data poses a significant security risk. The detection relies on analyzing the CommandLine parameters recorded at process creation and looks for the combination of osascript with clipboard-related arguments. The rule is assigned a high level, which reflects the importance of monitoring this behavior closely. As adversaries increasingly use scripting languages such as AppleScript to streamline attacks on macOS, this rule is a useful component of threat detection and incident response.
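The following is an added example, not the rule's own logic or code from the rule's project: a small Python matcher that applies the detection described above (process creation events whose CommandLine references both osascript and the clipboard) to a handful of constructed process-creation records. The JSON-lines shape and the field names (EventType, Image, CommandLine, ParentImage) are assumptions chosen for the example; the approximation of the rule as a case-insensitive "contains both substrings" test is also an assumption, shown beside a stricter token-based variant to illustrate the false-positive trade-off.

```python
"""Added example: evaluate the osascript/clipboard detection logic over
constructed process-creation events (not code from the rule page)."""
import json
import re

# Constructed sample telemetry in a generic JSON-lines shape. Field names are
# assumptions for this example, not taken from the rule page.
SAMPLE_LOG = r"""
{"EventType":"ProcessCreate","Image":"/usr/bin/osascript","CommandLine":"osascript -e 'set c to the clipboard'","ParentImage":"/bin/zsh"}
{"EventType":"ProcessCreate","Image":"/usr/bin/osascript","CommandLine":"/usr/bin/OSASCRIPT -e 'the clipboard'","ParentImage":"/bin/bash"}
{"EventType":"ProcessCreate","Image":"/usr/bin/osascript","CommandLine":"osascript -e 'beep 2'","ParentImage":"/bin/zsh"}
{"EventType":"ProcessCreate","Image":"/usr/bin/osascript","CommandLine":"osascript ~/Library/Scripts/sync.scpt","ParentImage":"/usr/libexec/xpcproxy"}
{"EventType":"ProcessCreate","Image":"/usr/bin/grep","CommandLine":"grep clipboard osascript_notes.txt","ParentImage":"/bin/zsh"}
{"EventType":"ProcessCreate","Image":"/usr/bin/pbpaste","CommandLine":"pbpaste","ParentImage":"/bin/zsh"}
{"EventType":"FileCreate","Image":"/usr/bin/osascript","CommandLine":"osascript -e 'the clipboard'","TargetFilename":"/tmp/out.txt"}
"""


def naive_contains_all(cmdline: str) -> bool:
    """Approximation of the rule as described: the command line must contain
    both 'osascript' and 'clipboard', compared case-insensitively."""
    lowered = cmdline.lower()
    return "osascript" in lowered and "clipboard" in lowered


# Stricter variant: 'osascript' must appear as the executable token (at the
# start, or after a path separator or whitespace, and followed by whitespace
# or end of string) and 'clipboard' as a whole word.
OSASCRIPT_TOKEN = re.compile(r"(?:^|[\s/])osascript(?=\s|$)", re.IGNORECASE)
CLIPBOARD_WORD = re.compile(r"\bclipboard\b", re.IGNORECASE)


def token_match(cmdline: str) -> bool:
    """Same intent as naive_contains_all but anchored on the executable token,
    which avoids matching unrelated commands that merely mention both words."""
    return bool(OSASCRIPT_TOKEN.search(cmdline)) and bool(CLIPBOARD_WORD.search(cmdline))


def detect(log_text: str, matcher=token_match) -> list:
    """Parse JSON-lines telemetry and return the process-creation events that
    the chosen matcher flags. Non-process-creation events are ignored because
    the rule is scoped to process creation."""
    hits = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if event.get("EventType") != "ProcessCreate":
            continue
        if matcher(event.get("CommandLine", "")):
            hits.append(event)
    return hits


def main() -> None:
    for name, matcher in (("contains-all", naive_contains_all), ("token", token_match)):
        hits = detect(SAMPLE_LOG, matcher)
        print(f"{name}: {len(hits)} hit(s)")
        for event in hits:
            print("  ", event["CommandLine"])


if __name__ == "__main__":
    main()
```

Two things worth noting when running it. The substring matcher flags the grep invocation because both words happen to appear on its command line, while the token matcher does not; that is the usual tuning step for command-line rules. The record that invokes osascript with a script file rather than inline `-e` text carries no clipboard keyword on the command line at all, so neither matcher sees it: command-line telemetry alone cannot show what such a script does, which is a reason to pair this rule with file or script-content visibility rather than rely on it in isolation.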
Categories
- macOS
- Endpoint
Data Sources
- Process
Created: 2023-01-31