Apple Books

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Apple Books helper, but it can expose private reading history, highlights, and notes to the agent using it.

Install only if you are comfortable letting the host agent process read Apple Books data. Because Full Disk Access can grant more local visibility than this skill itself uses, run it only in a trusted environment, ask for the narrow Apple Books information you need, and avoid sharing highlights or notes unless intentional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill requires Full Disk Access and provides direct queries over highly personal local data: the user's book library, reading progress, highlights, and notes. While the functionality appears legitimate for the stated purpose, the skill lacks an explicit privacy warning and consent guidance proportionate to the sensitivity of the accessed data, which increases the risk of unintentional disclosure or over-collection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal