ios-pentest

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill package contains intentional, clearly malicious-capable behaviors — e.g., biometric and SSL-pinning bypasses, jailbreak-detection hiding, hooks that read and log keychain/crypto material, and dyld/function-hiding to evade detection — which are designed to extract credentials and silently disable or evade device security controls and therefore present a high risk for abuse.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's ~/.claude/mcp.json example config runs "npx -y @anthropic/mobile-mcp --ios" (refs https://github.com/mobile-next/mobile-mcp), which will fetch and execute remote package code at runtime to provide MCP device interaction, so it is a runtime external dependency that executes remote code.