Npjames Apple Reminders

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apple Reminders command guide, but it can change or delete reminder data if used that way.

Install only if you trust the remindctl Homebrew package and want an agent to access Apple Reminders on your Mac. Before edit, complete, delete, or force-delete commands, ask the agent to show the matching reminder or list first and get explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents a forced delete operation for reminders without any explicit warning that the action is destructive and may be irreversible. In an agent or copy-paste workflow, users may invoke `remindctl delete 4A83 --force` assuming it is routine, leading to unintended loss of reminder data.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The documentation includes list deletion commands without an explicit notice that deleting a list can remove or orphan associated reminder data, creating a destructive-data-loss risk. Because this skill is specifically for managing personal reminders, destructive commands are more sensitive than in a read-only or purely informational context.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal