Skill v3.5.0

ClawScan security

Apple Developer Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 11:02 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely matches its stated features, but there are clear inconsistencies between the runtime instructions and the declared install footprint (and it installs from an untrusted Homebrew tap), so proceed with caution and verify the tap/formula and runtime files before installing or supplying credentials.
Guidance
Key things to check before installing or using this skill:
- Clarify the runtime: ask the author which binary actually provides each feature. Does `brew install Abdullah4AI/tap/appledev` install a native appledev binary that implements everything, or do you need to run Node scripts from the repository? The SKILL.md is inconsistent (claims one binary but shows `node cli.js`).
- Inspect the Homebrew tap/formula before installing: review the formula source on the tap (Abdullah4AI/tap) to see what it downloads or executes. Third-party taps can run arbitrary install scripts and fetch code from remote URLs.
- If you must install, do so in a sandboxed environment (VM or isolated Mac) until you confirm behavior. Avoid running `bash scripts/setup.sh` or other install scripts from the repo without reviewing them.
- Protect credentials: only provide APPSTORE_* keys and LLM_API_KEY when you understand where they are stored and how the tool transmits them. Prefer using temporary or least-privilege keys (App Store Connect key with minimal access) for initial testing.
- Prefer an authoritative source: ask for an official homepage or a GitHub release. If the maintainer can provide a signed release or an official Homebrew/core formula, that reduces risk.
- If you plan to rely on the documentation/search feature, verify locally whether `node cli.js` exists after installation or whether the installed appledev binary exposes the documented subcommands. If not, do not run arbitrary node scripts fetched from the repo.
Findings
[no-regex-findings] expected: The static regex scanner reported no findings. This is plausible because the skill bundle is mostly markdown/docs and SKILL.md instructions rather than executable code in the registry entry. However, absence of findings is not proof of safety — Homebrew formula content and any install-time scripts were not provided to the scanner.

Review Dimensions

Purpose & Capability
Concern: The SKILL claims a single unified binary (appledev) that provides docs search, App Store Connect CLI, and an app builder. Yet the instructions repeatedly show running node cli.js (e.g., `node cli.js search`) and reference a Node package.json — which implies Node-based scripts rather than a single prebuilt native binary. The registry metadata lists node as required plus an 'anyBins' appledev; this mismatch (binary vs Node script usage) is incoherent and worth clarifying. Minor version mismatch (registry 3.5.0 vs package.json 3.2.0) also raises consistency questions.
Instruction Scope
Concern: SKILL.md instructs running local files (node cli.js, bash scripts/setup.sh) and commands that may bootstrap or install prerequisites (e.g., `appledev build setup`, `bash scripts/setup.sh`). Those instructions assume repository files are present on the host, but the declared install path is a Homebrew formula that installs a single binary. If an agent follows the SKILL.md literally, it may try to run scripts that come from the skill bundle; verify which files are actually installed. The docs also instruct storing App Store Connect keys and LLM keys as env vars. Those are expected for the claimed features, but the instructions are broad about 'checks and installs prerequisites', which could cause the tool to download and run additional code during setup.
Install Mechanism
Concern: Install uses a Homebrew formula from a third-party tap (Abdullah4AI/tap). While Homebrew is common, third-party taps can deliver arbitrary code; the formula's contents and the tap owner's reputation are not provided. The brew-based install is higher risk than an official GitHub release or an official Homebrew/core formula. The SKILL also includes 'build from source' steps (`bash scripts/setup.sh`) which would run repository scripts if used; review those scripts before executing.
Credentials
OK: Requested environment variables are optional and appropriate for the described features: APPSTORE_* (App Store Connect API key/issuer/private key paths) for store operations, and LLM_API_KEY for the app builder. No unrelated credentials or unexpected secrets are requested.
Persistence & Privilege
OK: The skill is not marked always:true and does not request special config paths or system-wide changes. It does not declare persistent privileges or modifications to other skills. Autonomous invocation remains allowed (platform default) but is not combined with other high-risk flags here.