Back to skill

Security audit

iCloud Find My

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about using iCloud Find My, but it handles precise family-location data and includes unsafe parsing and persistence guidance that need review.

Review this skill before installing. Use it only for devices and people you are authorized to locate, avoid covert or continuous monitoring, do not store Apple IDs in shared workspaces, and replace all eval()-based parsing examples with safe structured parsing or strict coordinate extraction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation explicitly recommends using eval() to parse the Location field, which turns untrusted CLI output into executable Python code. If the output is malformed, spoofed, or influenced by a compromised dependency/tool, this can lead to arbitrary code execution on the host, which is far beyond the skill's intended purpose of reading device metadata.

Context-Inappropriate Capability

High
Confidence
100% confidence
Finding
The example shell pipeline feeds command output directly into python3 -c and evaluates stdin with eval(), creating an explicit code-execution path from external data. Because this skill processes remote account/device data via a third-party CLI, treating that data as code is unsafe and can enable arbitrary command execution if the input is ever attacker-controlled or corrupted.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the agent stores the user's Apple ID in its workspace, but it does not warn about the sensitivity of that identifier or describe safe handling practices such as restricted permissions, avoiding logs, and minimizing retention. In this skill's context, the Apple ID is tied to iCloud authentication workflows and device-location access, so local persistence increases the chance of credential exposure, account targeting, or leakage through workspace inspection and debugging artifacts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to persist an Apple ID in TOOLS.md or workspace configuration without discussing sensitivity, retention, or access controls. While an Apple ID alone is not a password, it is still personal account data and increases privacy risk, account targeting, and accidental leakage through logs, repos, or shared workspaces.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill is designed to retrieve precise Find My locations and battery data for family devices, which is highly sensitive personal and household information. The lack of any warning, consent language, or usage boundaries makes misuse easier and increases the risk of covert monitoring, stalking, or over-collection of location data.

Missing User Warnings

High
Confidence
96% confidence
Finding
The proactive use cases explicitly encourage ongoing location monitoring, home/away inference, and 'near me' checks without discussing consent, frequency limits, or privacy safeguards. This materially increases the danger because it operationalizes continuous surveillance behavior rather than a one-off user-initiated lookup.

Ssd 3

Medium
Confidence
91% confidence
Finding
The instructions direct the agent to persist user account identifiers for future use, creating unnecessary long-term storage of sensitive personal data in workspace files. In shared, synced, or logged environments this can expand the blast radius of disclosure and normalize retention beyond what is needed for the immediate task.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.