Skills
skills/fikriaf/agentos/findmy/Gen Agent Trust Hub

findmy

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Uses osascript (AppleScript) for UI automation to control the Find My application and screencapture to record screen content.
  • [DATA_EXFILTRATION]: Accesses and extracts highly sensitive personal data, including the real-time physical addresses and geographic coordinates of all devices and AirTags linked to the user's Apple ID.
  • [EXTERNAL_DOWNLOADS]: Recommends installing the third-party utility peekaboo from a non-official Homebrew tap (steipete/tap/peekaboo) which is outside of standard verified repositories.
  • [DATA_EXFILTRATION]: Saves screenshots containing private location data to the /tmp/ directory, which is world-readable on macOS, creating a risk of local data exposure to other users or processes.
  • [COMMAND_EXECUTION]: Suggests establishing ongoing background monitoring through infinite shell loops or cron jobs, which constitutes a persistence mechanism for tracking.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 06:05 AM