Siri
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user following these examples could expose private messages or send communications/calendar changes from their Apple account.
These are user-directed Siri command examples that can read or send communications and modify calendar data if the user chooses to invoke them.
"Send a message to [name]: [content]" ... "Read my messages" ... "Schedule [event] for [date] at [time]"
Use Siri’s built-in confirmations, verify recipients and content before sending, and avoid using read/send commands in shared or untrusted environments.
HomeKit commands can change the state of lights, locks, garage doors, or other physical devices.
The skill documents commands that affect HomeKit devices and security accessories; it also discloses Apple’s authentication requirement for sensitive devices.
"Turn on porch light at sunset", "Lock doors at 10 PM" ... "Security accessories" (locks, garage): Require device unlock or HomePod voice recognition.
Be careful with home-security commands and verify HomeKit authentication, household member permissions, and device names before relying on voice control.
A user-created automation could continue running later without a manual confirmation each time, depending on its settings.
The guidance covers persistent Shortcuts automations that may run automatically after the user configures them; this is disclosed and purpose-aligned, not hidden skill persistence.
"Some triggers require confirmation, some run automatically. Settings > Shortcuts > Automation > [your automation] > Ask Before Running"
Review Shortcuts automation triggers, keep “Ask Before Running” enabled for sensitive actions, and test automations before relying on them.