Back to skill
Skillv1.0.0
ClawScan security
Apple HIG · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 9:58 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only reference for Apple HIG (design guidelines) and its requested/install footprint matches that purpose — there are no surprising requests or behaviors.
- Guidance
- This skill is an offline/reference-style guide — low risk because it contains only design text and asks for nothing. Before relying on it as authoritative, cross-check critical details against Apple's official HIG (apple.com/design/human-interface-guidelines) because third-party summaries can be slightly out-of-date or simplified. If you expect the skill to perform actions (linting, code generation, automated checks), note that those capabilities are not present — additional tools, binaries, or credentials would be required and should be reviewed before installation.
Review Dimensions
- Purpose & Capability
- okName/description (Apple HIG guidelines) match the actual content: a static, detailed SKILL.md with design rules for macOS/iOS. There are no unrelated credentials, binaries, or configuration requirements that would be unnecessary for a design reference.
- Instruction Scope
- okSKILL.md is purely documentation and runtime instructions are absent — it does not instruct the agent to read files, access environment variables, call external endpoints, or perform system operations outside providing design guidance.
- Install Mechanism
- okNo install spec and no code files — nothing is downloaded or written to disk. This is the lowest-risk pattern for a skill of this type.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. That is proportionate for a read-only design guideline resource.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or system-wide privileges. The default ability for the agent to invoke the skill autonomously is normal and does not materially expand capabilities here because the skill has no external actions or credentials.