iPhone

Security checks across malware telemetry and agentic risk

Overview

This instruction-only iPhone support skill is coherent and disclosed, with the main caution that it can keep local troubleshooting notes and guide user-confirmed phone changes.

Before installing, decide whether you want local iPhone troubleshooting notes kept in ~/iphone/. Review or delete that folder if needed, do not share passwords or recovery codes, and require explicit confirmation before deletion, profile removal, reset, or automation steps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to store concise notes about the user's device, recurring incidents, and approval boundaries in `~/iphone/memory.md` without any notice, minimization rules, retention limits, or consent flow for persistent storage. This creates a privacy and security risk because sensitive behavioral and device data may be accumulated on disk and later exposed to other tools, users, or sessions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal