End-to-end iOS malware/spyware forensic assessment of a non-jailbroken iPhone from a Mac. Installs tooling (libimobiledevice + Mobile Verification Toolkit), pulls crash logs, creates a full ENCRYPTED device backup (auto-resuming on lock/disconnect), decrypts it, runs MVT against every spyware IOC feed (Pegasus, Predator, Candiru, Cellebrite, Intellexa, stalkerware, ...), sweeps every file in the backup manifest, analyzes crash logs for injected dylibs, and produces an assessment report. Use when the user suspects their iPhone is compromised, asks to check for spyware/Pegasus/stalkerware, or wants a full forensic health check of an iPhone connected over USB.

Install

openclaw skills install @lordx64/iphone-malware-scan