Watchos Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only watchOS code review skill with one under-scoped storage-security recommendation users should apply carefully.

Safe to install for watchOS review help, but treat its file-protection advice cautiously. Do not apply `.noFileProtection` to health, personal, credential, financial, or other sensitive data; use the least permissive protection class compatible with the required background behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The guidance explicitly recommends writing background-accessed data with `.noFileProtection`, which weakens data-at-rest protections on the device. In a watchOS performance guide, this is risky because it presents a security-relevant tradeoff as a simple performance/reliability fix, without limiting the advice to non-sensitive data or recommending safer protection classes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal