Back to skill
Skillv2.0.6
ClawScan security
FOSMVVM SwiftUI View Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 15, 2026, 8:17 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only generator for SwiftUI views targeting the FOSMVVM pattern; its requirements and instructions are consistent with that purpose and it does not request credentials, install artifacts, or elevated persistence.
- Guidance
- This skill is instruction-only and appears coherent for generating FOSMVVM SwiftUI views. Before installing, you may want to: (1) verify the repository/homepage and license linked in the metadata; (2) review the templates (SKILL.md/reference.md) to ensure generated code matches your app's APIs and doesn't reference private/internal services you don't use (e.g., .testDataTransporter, MVVMEnvironment types); and (3) when you use the templates, review the produced code for any hard-coded endpoints or secrets. Because it asks for no credentials and performs no installs, the direct security risk from the skill itself is low.
Review Dimensions
- Purpose & Capability
- okThe skill name/description (generate SwiftUI views for FOSMVVM ViewModels) matches the SKILL.md and reference templates: the files provide view templates, naming conventions, and guidance for wiring ViewModel/operation bindings. There are no unrelated requirements (no binaries or credentials) that would be disproportionate.
- Instruction Scope
- okThe SKILL.md contains detailed code templates and guidance for composing SwiftUI ViewModelViews. It does not instruct the agent to read arbitrary system files, access environment variables, call external endpoints, or exfiltrate data. The instructions are narrowly scoped to code generation and architecture guidance.
- Install Mechanism
- okThere is no install spec; this is instruction-only (no code files to install or run). That is the lowest-risk install model and is appropriate for a template/guide skill.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The templates reference typical app-level types (e.g., Validations, AppState, MVVMEnvironment) which are expected for FOSMVVM-based code and do not imply external secret access.
- Persistence & Privilege
- okThe skill does not request permanent presence (always:false) and does not include installation steps that would modify agent or system configuration. Default autonomous invocation is allowed but is standard and not combined with other red flags.