Security audit

Iphone Use

Security checks across malware telemetry and agentic risk

Overview

This skill openly does what it says, but it gives an agent broad control of a real iPhone, including sensitive apps and durable logging/export workflows that deserve careful review.

Install only if you are comfortable giving an agent operational control over a real iPhone that may already be logged into sensitive apps. Use it for explicit, user-directed tasks; avoid unattended banking, payment, 2FA, messaging, account-change, or medical-data workflows; review or disable durable logs/screenshots/scripts for sensitive sessions; and delete exported phone data when the task is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description explicitly includes banking and IM apps without any built-in trigger limitations, escalation requirements, or safety boundaries. Because the skill operates a real iPhone, permissive activation around financial or communications apps can lead to unauthorized transfers, message sending, or exposure of sensitive account data if misrouted or misused.

Vague Triggers

Low
Confidence
82% confidence
Finding
The description explicitly includes banking and IM apps without any built-in trigger limitations, escalation requirements, or safety boundaries. Because the skill operates a real iPhone, permissive activation around financial or communications apps can lead to unauthorized transfers, message sending, or exposure of sensitive account data if misrouted or misused.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to log exact interaction payloads, waits, verification notes, and preserve screenshots, then store reusable scripts durably. On a real phone this can capture and retain sensitive content such as messages, health data, account details, one-time codes, and app state, creating a durable privacy and credential-exposure risk beyond the original task.

Ssd 3

High
Confidence
98% confidence
Finding
The worked example directs exporting the user's entire Apple Health dataset and saving it to persistent Mac storage, then parsing the resulting XML. Apple Health data is extremely sensitive medical and behavioral information; automating bulk export and local retention materially increases the risk of privacy violation, unintended disclosure, and secondary misuse if the Mac or logs are compromised.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.