ios-watchos
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external Swift Package Manager dependency at 'https://github.com/openclaw/sdk.git'. This repository and the associated 'openclaw' organization are not recognized as trusted or well-known entities.
- [EXTERNAL_DOWNLOADS]: The skill configures network operations to an external WebSocket service at 'wss://api.openclaw.com/watch'. Use of unknown third-party endpoints for sensitive application data poses a risk if the service is compromised.
- [COMMAND_EXECUTION]: Instructions include the use of 'xcodebuild' commands for CI/CD pipelines. While standard for iOS development, these provide a mechanism for arbitrary command execution if build parameters are influenced by untrusted inputs.
- [PROMPT_INJECTION]: The skill implements data ingestion via 'WatchConnectivity' ('WCSession.default.didReceiveMessage') and the 'OpenClaw API' ('didReceiveData').
  - Ingestion points: SKILL.md (Usage Patterns 3, 4, 6; Common Commands/API sections).
  - Boundary markers: No markers or delimiters are specified to distinguish trusted instructions from untrusted data.
  - Capability inventory: The skill uses network access (WebSocket), health data access (HealthKit), and shell command execution ('xcodebuild').
  - Sanitization: There is no evidence of input validation, escaping, or sanitization for data received from external sources before it is processed by the agent or the application logic.
Audit Metadata