OpenClaw with Apple

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask for Apple ID credentials (app-specific password and main password) and to place them into environment-variable export commands and CLI calls (including 2FA codes), which requires the LLM to handle and emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.95). This skill explicitly instructs the assistant to solicit Apple ID main passwords and 2FA codes in chat, set them as environment variables and perform non‑interactive logins, cache session tokens, install persistent background jobs (launchd/daemon), and then access highly sensitive services (iCloud Drive, Photos, Find My, Health), which constitutes direct credential harvesting and enables long‑term remote access, device control and data exfiltration if the assistant/server is untrusted.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 21, 2026, 03:58 AM
Issues: 3