Apple Media

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps find and control Apple/AirPlay media devices on the user's local network.

Install only if you are comfortable scanning your local network and controlling Apple/AirPlay devices you own or are authorized to manage. Treat scan results as private because they can reveal device names, IP addresses, identifiers, and service details; verify pyatv, Airfoil, and any sibling airfoil skill before granting permissions or issuing control commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs users to scan the local network for AirPlay/Apple TV devices and issue control commands, but it does not clearly warn that these actions enumerate nearby devices and can affect real hardware on the network. In an agent setting, missing disclosure and consent boundaries can lead to unauthorized discovery or control of household/media devices, especially if the user did not intend to interact with all reachable AirPlay targets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal