Back to skill
Skillv1.2.1
ClawScan security
Ios Animation Code Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 4:13 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only iOS animation code reviewer whose declared purpose, required resources, and runtime instructions are consistent and proportionate.
- Guidance
- This skill is instruction-only and self-contained: it reads provided .swift files and its bundled reference docs to produce code-review findings. Before installing, confirm you are comfortable allowing the agent to read any code you hand it (the skill has no network calls, env var access, or installers declared). Test it on non-sensitive sample code first. Note that absence of scanner hits is expected for instruction-only skills — the SKILL.md and references are the security surface; if you plan to use it with private repositories, ensure your agent's file-access policy is appropriate.
Review Dimensions
- Purpose & Capability
- okName/description (iOS animation code review) align with the included SKILL.md and reference docs. The skill requires no binaries, env vars, or credentials — appropriate for a review-only tool that operates on supplied .swift files and bundled reference markdown.
- Instruction Scope
- okSKILL.md plainly instructs the agent to enumerate and inspect .swift files, re-read the cited code ranges, consult the bundled reference docs, and emit findings in a strict textual format. It does not ask the agent to read unrelated system files, call external endpoints, or access secrets beyond the provided files.
- Install Mechanism
- okThere is no install spec and no code files executed — the skill is instruction-only, which minimizes disk-write and execution risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The runtime instructions only reference the bundled reference files and the target .swift files under review, which is proportional to its purpose.
- Persistence & Privilege
- okalways:false and no install actions mean the skill does not request permanent or elevated presence. The default ability for the agent to invoke the skill autonomously is unchanged but is normal for skills and not a red flag here.