Swiftlint

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SwiftLint helper skill, but users should be careful because its auto-fix examples can modify Swift source files.

Install this only if you are comfortable using SwiftLint in your Swift projects. Prefer lint-only commands first, use `--path` for the specific file or folder you intend to check, and review version-control diffs before accepting any `swiftlint --fix` changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The guidance uses broad natural-language triggers like "check my code style" and "lint my Swift code" to decide when to run the skill. In an agent setting, vague triggers can cause unintended invocation on repositories or paths the user did not explicitly ask to lint, increasing the chance of unnecessary file access or follow-on actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
This section recommends `swiftlint --fix` workflows but does not clearly warn that the command rewrites user source files. In an autonomous or semi-autonomous agent context, omission of an explicit modification warning can lead to unexpected code changes, accidental churn, or corruption of work in progress.

Missing User Warnings

Medium
Confidence: 95%
Finding
The build-phase example runs `swiftlint --fix` automatically during builds, which can rewrite tracked source files as a side effect of compilation. This is risky because builds are often triggered implicitly by IDEs or CI, making source mutation surprising and potentially destabilizing.

Missing User Warnings

Medium
Confidence: 97%
Finding
The agent tip says to run `swiftlint --fix` first when a user asks to "clean up" or "fix style," but does not require explicit confirmation that file modifications are desired. This increases the chance an agent edits code when the user only wanted analysis or recommendations.

VirusTotal

66/66 vendors flagged this skill as clean.
