ClawHub

Cloudkit Code Review

v1.2.1

Reviews CloudKit code for container setup, record handling, subscriptions, and sharing patterns. Use when reviewing code with import CloudKit, CKContainer, C...

0· 181·1 current·1 all-time
byKevin Anderson@anderskev

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anderskev/cloudkit-code-review.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cloudkit Code Review" (anderskev/cloudkit-code-review) from ClawHub.
Skill page: https://clawhub.ai/anderskev/cloudkit-code-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cloudkit-code-review

ClawHub CLI

Package manager switcher

npx clawhub@latest install cloudkit-code-review
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the files and instructions: the skill is explicitly a CloudKit code reviewer and only includes reference docs and a runtime checklist. It requests no binaries, env vars, or installs that would be unrelated to static code review. (Note: the package source/homepage is unknown, but that affects provenance, not coherence.)
Instruction Scope
SKILL.md instructs the agent to read repository source (files, types, functions, entitlements, Info.plist) and produce file/line-tagged findings — this stays within the stated goal of reviewing CloudKit usage. The 'hard gates' deliberately require reading surrounding units and concrete artifacts; that is appropriate for code review and does not instruct access to unrelated system secrets or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk during install, so install risk is minimal.
Credentials
No environment variables, credentials, or config paths are requested. The review instructions reasonably require inspecting repository files (entitlements, Info.plist) to verify claims about containers and entitlements.
Persistence & Privilege
always:false and default autonomous invocation behavior. The skill does not request persistent system-level changes or cross-skill modifications. Autonomous invocation is allowed by platform default but is not combined with broad credential access or other red flags.
Assessment
This skill is an instruction-only CloudKit code-review checklist and appears internally consistent: it will read your repository files (source files, Info.plist/entitlements) to check CloudKit usage and produce line-referenced findings. There are no installs or secret requests. Two practical cautions: (1) provenance is unknown (no homepage/source listed) — if you need third-party trust, prefer skills from known authors or inspect the SKILL.md and reference docs yourself before enabling; (2) the agent will read repo contents when run, so don’t run it on repositories containing secrets you don’t want reviewed. Otherwise it’s coherent for its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk977y0mba9wjandxhxfyf1xmrn85aw20
181downloads
0stars
2versions
Updated 6d ago
v1.2.1
MIT-0
Kevin Anderson@anderskev
latest
Download

CloudKit Code Review

Quick Reference

Issue TypeReference
CKContainer, databases, zones, entitlementsreferences/container-setup.md
CKRecord, references, assets, batch operationsreferences/records.md
CKSubscription, push notifications, silent syncreferences/subscriptions.md
CKShare, participants, permissions, acceptancereferences/sharing.md

Review Checklist

  • Account status checked before private/shared database operations
  • Custom zones used (not default zone) for production data
  • All CloudKit errors handled with retryAfterSeconds respected
  • serverRecordChanged conflicts handled with proper merge logic
  • CKErrorPartialFailure parsed for individual record errors
  • Batch operations used (CKModifyRecordsOperation) not individual saves
  • Large binary data stored as CKAsset (records have 1MB limit)
  • Record keys type-safe (enums) not string literals
  • UI updates dispatched to main thread from callbacks
  • CKAccountChangedNotification observed for account switches
  • Subscriptions have unique IDs to prevent duplicates
  • CKShare uses custom zone (sharing requires custom zones)

When to Load References

  • Reviewing container/database setup or zones -> container-setup.md
  • Reviewing record CRUD or relationships -> records.md
  • Reviewing push notifications or sync triggers -> subscriptions.md
  • Reviewing sharing or collaboration features -> sharing.md

Output Format

Report issues using: [FILE:LINE] ISSUE_TITLE

Examples:

  • [AppDelegate.swift:24] CKContainer not in custom zone
  • [SyncManager.swift:156] Unhandled CKErrorPartialFailure
  • [DataStore.swift:89] Missing retryAfterSeconds backoff

Review Questions

  1. What happens when the user is signed out of iCloud?
  2. Does error handling respect rate limiting (retryAfterSeconds)?
  3. Are conflicts resolved or does data get overwritten silently?
  4. Is the schema deployed to production before App Store release?
  5. Are shared records in custom zones (required for CKShare)?

Hard gates (before reporting)

Complete in order for each finding you intend to report. Do not advance until the pass condition is satisfied.

  1. Location artifact — The finding includes [FILE:LINE] (or a line range) copied from the current file contents; the path resolves in this repo.
  2. Scope read — You read the full surrounding unit: the type or function that owns the CloudKit work (for example the CKOperation subclass usage, completion handler chain, or CKRecord lifecycle), not only a diff hunk or isolated snippet.
  3. CloudKit or deployment claim (only if the finding depends on container identifiers, public vs private database choice, custom zone requirement, iCloud account state, entitlements, or production schema) — You name one concrete artifact you inspected (for example com.apple.developer.icloud-container-environment or container ID in the entitlements file, CKContainer.default() vs custom identifier in source, Info.plist / target capability, or evidence that schema is deployed) or you downgrade the item to an open question in Review Questions.
  4. Protocol — Pre-report steps in review-verification-protocol are satisfied for this item (no finding if they are not).

Use the issue format [FILE:LINE] ISSUE_TITLE for each reported finding. Hard gate 4 is the full pre-report checklist for this skill’s review type.

Comments

Loading comments...