Siri
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: siri Version: 1.0.0 The skill bundle consists entirely of documentation files (.md) and a metadata file. The content provides comprehensive information about Apple's Siri, HomeKit, and Shortcuts, including usage instructions, development guidelines, and troubleshooting tips. There are no executable scripts, no network calls, no file system operations, and no instructions that could be interpreted as prompt injection against the OpenClaw agent. The Swift code snippets in `development.md` are illustrative examples for app developers, not code intended for execution by the agent. All content is informational and aligns with the stated purpose of helping an AI agent provide guidance on Siri.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user following these examples could expose private messages or send communications/calendar changes from their Apple account.
These are user-directed Siri command examples that can read or send communications and modify calendar data if the user chooses to invoke them.
"Send a message to [name]: [content]" ... "Read my messages" ... "Schedule [event] for [date] at [time]"
Use Siri’s built-in confirmations, verify recipients and content before sending, and avoid using read/send commands in shared or untrusted environments.
HomeKit commands can change the state of lights, locks, garage doors, or other physical devices.
The skill documents commands that affect HomeKit devices and security accessories; it also discloses Apple’s authentication requirement for sensitive devices.
"Turn on porch light at sunset", "Lock doors at 10 PM" ... "Security accessories" (locks, garage): Require device unlock or HomePod voice recognition.
Be careful with home-security commands and verify HomeKit authentication, household member permissions, and device names before relying on voice control.
A user-created automation could continue running later without a manual confirmation each time, depending on its settings.
The guidance covers persistent Shortcuts automations that may run automatically after the user configures them; this is disclosed and purpose-aligned, not hidden skill persistence.
"Some triggers require confirmation, some run automatically. Settings > Shortcuts > Automation > [your automation] > Ask Before Running"
Review Shortcuts automation triggers, keep “Ask Before Running” enabled for sensitive actions, and test automations before relying on them.