ios-simulator-browser

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's instructions in SKILL.md use npx --yes serve-sim@latest to fetch and execute a package from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: Executing an unversioned package directly from a remote registry via npx constitutes a remote code execution risk on the user's machine.
  • [COMMAND_EXECUTION]: The script scripts/swiftui-preview-browser.mjs executes several powerful system commands including xcodebuild, xcrun, and swift to manage iOS simulators and build projects. It also dynamically generates a temporary Xcode project and compiles it, followed by runtime injection of dylibs to support hot-reloading within the simulator environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — ios-simulator-browser