Back to skill

Security audit

iPhone Malware Scan

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local iPhone forensic scanning skill, with sensitive but purpose-aligned backup access and no evidence of exfiltration or hidden behavior.

Install only if you are comfortable creating a full local iPhone backup and decrypted copy on the Mac. Use a dedicated backup password, keep the work directory private, avoid putting real passwords in saved shell history when possible, and delete the backup/decrypted folders after review if you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script accepts the backup password either from a positional command-line argument or an environment variable, and then passes it to `mvt-ios decrypt-backup -p`. Supplying secrets on the command line is risky because they can be exposed through shell history, process listings, logging, crash reports, or other local monitoring tools. In this forensic context, the password protects a sensitive iPhone backup, so disclosure could enable unauthorized access to the decrypted contents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/run-all.sh:5

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:71