ClawHub

Xcode Build Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-oriented Xcode build-log helper; it can reveal local project metadata, but that access is visible and mostly aligned with its purpose.

Install only if you are comfortable letting the agent read Xcode DerivedData and show local project paths, compiler messages, app metadata, branch names, and worktree locations. Treat any cleanup command separately: review the printed path carefully and run deletion only when you intentionally want to remove that DerivedData cache.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill’s stated purpose is Xcode build log analysis, but this section also inspects git repository state, branch names, worktree locations, and workspace paths. That expands data collection beyond build telemetry into source-control metadata, which can disclose sensitive filesystem paths, branch names, and repository structure without clear necessity or user warning.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The git/worktree inspection capability is not essential to analyzing Xcode build logs and therefore violates least-privilege and data-minimization expectations for the skill. In practice it can reveal repository membership, branch context, and nonstandard worktree locations such as temporary directories, which may expose private development workflow details.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill reads DerivedData, workspace paths, and full compiler output, all of which may contain sensitive information such as usernames, local paths, target names, warning text, source filenames, and snippets of code or build arguments. Because the documentation emphasizes read-only behavior but does not adequately warn about disclosure risk, users may expose private data unintentionally when sharing outputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal