Apple Contacts
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed macOS Contacts lookup skill with sensitive but purpose-aligned access, though the referenced AppleScript file is not included in the reviewed package.
Install only if you want an agent to query your local Apple Contacts. Before granting macOS Contacts permission, confirm the referenced AppleScript exists in the installed skill and inspect it; avoid list-all or full-detail queries unless you are comfortable exposing address-book contents in the agent session.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.