iCloud Reminders

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward iCloud Reminders helper, but it handles Apple credentials and reusable session files that should be protected carefully.

Install only if you trust the Homebrew tap and CLI project. Avoid plaintext Apple ID password storage where possible, protect the local session file, and treat any exported `session.tar.gz` as password-equivalent material that should not be shared or stored insecurely. Confirm before allowing an agent to delete, complete, or bulk-edit reminders.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documents exporting and importing authenticated session material without warning that the exported archive may grant account access equivalent to a logged-in session. In this context, session artifacts for a 2FA-protected iCloud account are highly sensitive; users may mishandle or share them, enabling unauthorized access to reminders and potentially broader account-linked data reachable through the session.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal