xcodebuildmcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xcode automation skill whose powerful simulator, device, logging, screenshot, and debugger actions are aligned with its development purpose.

Install only if you intend to let an agent drive Xcode workflows. Prefer pinning and reviewing the external XcodeBuildMCP package instead of using a moving `latest` install, use test projects/devices when possible, and be cautious before allowing screenshots, logs, video recording, physical-device installs, simulator erase/clean actions, or LLDB commands.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The skill explicitly advertises screenshots, screen recording, and log capture, which can collect sensitive information such as app content, credentials, tokens, personal data, or device identifiers. Without an explicit user-facing warning and consent checkpoint, an agent could invoke these capabilities in routine workflows in ways the user does not fully anticipate.

Missing User Warnings

Severity: Medium
Confidence: 87%

Finding
The skill describes device installation and UI automation actions that can change state on simulators or connected devices, including app installation, settings changes, and interaction sequences. Without a prominent warning and confirmation requirement, users may not realize the agent is permitted to perform state-changing operations on real devices, increasing the risk of unintended modifications or privacy-impacting actions.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The workflow explicitly encourages screenshots for verification and elsewhere includes log capture and simulator video recording, but provides no warning that these actions can collect sensitive application content, credentials, tokens, personal data, or system information visible in the UI or logs. In an agent-driven workflow, this omission increases the chance of silent over-collection and unintended retention or exfiltration of sensitive data during routine debugging or testing.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The device workflow instructs building, installing, and launching an app on a connected physical device without warning that it will modify the device state and may disrupt user activity, overwrite an existing app build, consume resources, or expose data on real hardware. Because this skill is meant to drive Xcode/device actions, the context makes the omission more dangerous: an automated agent could perform these steps on a real device with immediate real-world effects.

VirusTotal

66/66 vendors flagged this skill as clean.