Security audit

iOS Dev Cleanup

Security checks across malware telemetry and agentic risk

Overview

This iOS cleanup skill is mostly coherent, but it can automatically delete unavailable simulator devices and runtimes before the user reviews the scan results.

Install only if you are comfortable with a local cleanup skill that can modify your Xcode simulator environment. Before running it, ask the agent to use report-only mode first and require explicit approval for every delete command, including unavailable simulator and runtime cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill explicitly states that cleanup actions should wait for user confirmation, but then instructs the agent to automatically delete unavailable simulators and runtimes during the scanning phase. This creates a contradiction that can cause destructive state changes before the user has reviewed what will be removed, violating safe approval boundaries for filesystem and development-environment cleanup.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill directs automatic execution of `xcrun simctl delete unavailable` and deletion of unavailable runtimes without user confirmation. Even if these items are often stale, they still modify the local simulator environment and may remove artifacts the user wanted preserved for debugging, forensic comparison, or recovery.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
pod cache clean --all

# Or delete directly
rm -rf ~/Library/Caches/CocoaPods/
```

### 4. iOS DeviceSupport (physical-device debug symbols) ~3-10GB
Confidence
92% confidence
Finding
rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/Xcode/iOS\ DeviceSupport/<版本目录>
```

### 5. DerivedData (build cache) ~2-20GB
Confidence
90% confidence
Finding
rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
# Delete a single project's cache
rm -rf ~/Library/Developer/Xcode/DerivedData/<项目名>/

# Clear everything
rm -rf ~/Library/Developer/Xcode/DerivedData/*
Confidence
94% confidence
Finding
rm -rf ~/Library/Developer/Xcode/DerivedData/<项目名>/ # Clear everything rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/Xcode/Archives/<日期>/<归档名>.xcarchive
```

### 7. SPM cache (Swift Package Manager) ~0-2GB
Confidence
89% confidence
Finding
rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Caches/org.swift.swiftpm/
```

### 8. Caches & Logs (other caches and logs)
Confidence
88% confidence
Finding
rm -rf ~/Library/Caches/org.swift.swiftpm/ ``` ### 8. Caches & Logs (other caches and logs) ```bash # CoreSimulator cache du -sh ~/Library/Developer/CoreSimulator/Caches/ 2>/dev/null # Xcode logs and history du -sh ~/Library/D

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|------|---------------|---------|
| Simulator Devices | `xcrun simctl delete <UUID>` | `rm -rf ~/Library/Developer/CoreSimulator/Devices/<UUID>/` |
| Simulator Runtimes | `xcrun simctl runtime delete 'iOS XX.X'` | `rm -rf /Library/Developer/CoreSimulator/...` |
| CocoaPods Cache | `pod cache clean --all` or `rm -rf ~/Library/Caches/CocoaPods/` | Either works |

The other categories (DerivedData / DeviceSupport / Archives / SPM Cache / Caches & Logs) can safely use `rm -rf`, but **you must wait for user confirmation before executing**.
Confidence
87% confidence
Finding
rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
pod cache clean --all

# Or delete directly
rm -rf ~/Library/Caches/CocoaPods/
```

### 4. iOS DeviceSupport (physical-device debug symbols) ~3-10GB
Confidence
92% confidence
Finding
rm -rf ~/Library/Caches/CocoaPods/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/Xcode/iOS\ DeviceSupport/<版本目录>
```

### 5. DerivedData (build cache) ~2-20GB
Confidence
90% confidence
Finding
rm -rf ~/Library/Developer/Xcode/iOS\ DeviceSupport/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
# Delete a single project's cache
rm -rf ~/Library/Developer/Xcode/DerivedData/<项目名>/

# Clear everything
rm -rf ~/Library/Developer/Xcode/DerivedData/*
Confidence
94% confidence
Finding
rm -rf ~/Library/Developer/Xcode/DerivedData/<项目名>/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
rm -rf ~/Library/Developer/Xcode/DerivedData/<项目名>/

# Clear everything
rm -rf ~/Library/Developer/Xcode/DerivedData/*
```

### 6. Archives (archive bundles) ~0-10GB
Confidence
95% confidence
Finding
rm -rf ~/Library/Developer/Xcode/DerivedData/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/Xcode/Archives/<日期>/<归档名>.xcarchive
```

### 7. SPM cache (Swift Package Manager) ~0-2GB
Confidence
89% confidence
Finding
rm -rf ~/Library/Developer/Xcode/Archives/<日期>/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Caches/org.swift.swiftpm/
```

### 8. Caches & Logs (other caches and logs)
Confidence
88% confidence
Finding
rm -rf ~/Library/Caches/org.swift.swiftpm/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/CoreSimulator/Caches/*
rm -rf ~/Library/Developer/Xcode/UserData/IDB/*
rm -rf ~/Library/Developer/Xcode/DocumentationCache/*
rm -rf ~/Library/Caches/com.apple.dt.Xcode/*
Confidence
91% confidence
Finding
rm -rf ~/Library/Developer/CoreSimulator/Caches/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete command**:
```bash
rm -rf ~/Library/Developer/CoreSimulator/Caches/*
rm -rf ~/Library/Developer/Xcode/UserData/IDB/*
rm -rf ~/Library/Developer/Xcode/DocumentationCache/*
rm -rf ~/Library/Caches/com.apple.dt.Xcode/*
```
Confidence
90% confidence
Finding
rm -rf ~/Library/Developer/Xcode/UserData/IDB/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
rm -rf ~/Library/Developer/CoreSimulator/Caches/*
rm -rf ~/Library/Developer/Xcode/UserData/IDB/*
rm -rf ~/Library/Developer/Xcode/DocumentationCache/*
rm -rf ~/Library/Caches/com.apple.dt.Xcode/*
```
Confidence
89% confidence
Finding
rm -rf ~/Library/Developer/Xcode/DocumentationCache/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
rm -rf ~/Library/Developer/CoreSimulator/Caches/*
rm -rf ~/Library/Developer/Xcode/UserData/IDB/*
rm -rf ~/Library/Developer/Xcode/DocumentationCache/*
rm -rf ~/Library/Caches/com.apple.dt.Xcode/*
```

## Unavailable auto-cleanup
Confidence
89% confidence
Finding
rm -rf ~/Library/Caches/com.apple.dt.Xcode/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|------|---------------|---------|
| Simulator Devices | `xcrun simctl delete <UUID>` | `rm -rf ~/Library/Developer/CoreSimulator/Devices/<UUID>/` |
| Simulator Runtimes | `xcrun simctl runtime delete 'iOS XX.X'` | `rm -rf /Library/Developer/CoreSimulator/...` |
| CocoaPods Cache | `pod cache clean --all` or `rm -rf ~/Library/Caches/CocoaPods/` | Either works |

The other categories (DerivedData / DeviceSupport / Archives / SPM Cache / Caches & Logs) can safely use `rm -rf`, but **you must wait for user confirmation before executing**.
Confidence
87% confidence
Finding
rm -rf ~/Library/Caches/CocoaPods/

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SKILL.md:241