Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Watchos Code Review

v1.2.1

Reviews watchOS code for app lifecycle, complications (ClockKit/WidgetKit), WatchConnectivity, and performance constraints. Use when reviewing code with impo...

by Kevin Anderson (@anderskev)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anderskev/watchos-code-review.

Install the skill "Watchos Code Review" (anderskev/watchos-code-review) from ClawHub.
Skill page: https://clawhub.ai/anderskev/watchos-code-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install watchos-code-review

ClawHub CLI

npx clawhub@latest install watchos-code-review

Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, and included reference files align with a watchOS code-review checklist. No unrelated binaries, environment variables, or installs are requested.
! Instruction Scope
The SKILL.md gives focused, repo-local instructions (read surrounding units, produce [FILE:LINE] findings). However it requires completion of pre-report steps in ../review-verification-protocol/SKILL.md (hard gate 4). That referenced protocol file is not present in the provided manifest, so the skill's required verification step cannot be satisfied from the shipped content — an incoherence that could lead to failures or unexpected agent behavior.
Install Mechanism
Instruction-only skill with no install spec and no downloads. Lowest install risk.
Credentials
No environment variables, credentials, or config paths requested; requested scope is limited to reading repo files (expected for a code-review skill).
Persistence & Privilege
always:false and normal model invocation. The skill does not request persistent system presence or modify other skills; no privilege escalation indicators.
What to consider before installing
This skill appears to be a focused watchOS code-review checklist and does not ask for credentials or install anything. However, the runtime hard gates require completing a pre-report verification protocol referenced at ../review-verification-protocol/SKILL.md, but that file is not included in the package — confirm whether the platform supplies that protocol or ask the publisher for the missing file before relying on automated findings. Also verify that your repo contains the expected watchOS artifacts (Info.plist, target entitlements, source files) because the skill's hard gates require reading concrete [FILE:LINE] locations in the repository. If you proceed, be aware the agent will read source files to produce findings (no network exfiltration is specified in the skill, but ensure your agent permissions and logs meet your policy). If anything about the missing protocol or file-access expectations is unclear, request the complete skill bundle or further documentation from the publisher.

latest vk979v9250edq7a74va5nyhm3g985bfz0
153 downloads
0 stars
2 versions
Updated 6d ago
v1.2.1
MIT-0

watchOS Code Review

Quick Reference

Issue Type | Reference
App lifecycle, scenes, background modes, extended runtime | references/lifecycle.md
ClockKit, WidgetKit, timeline providers, Smart Stack | references/complications.md
WCSession, message passing, file transfer, reachability | references/connectivity.md
Memory limits, background refresh, battery optimization | references/performance.md

Review Checklist

  • SwiftUI App protocol used with @WKApplicationDelegateAdaptor for lifecycle events
  • scenePhase read from root view (not sheets/modals where it's always .active)
  • WKExtendedRuntimeSession started only while app is active (not from background)
  • Workout sessions recovered in applicationDidFinishLaunching (not just delegate)
  • Background tasks scheduled at least 5 minutes apart; next scheduled before completing current
  • URLSessionDownloadTask (not DataTask) used for background network requests
  • WidgetKit used instead of ClockKit for watchOS 9+ complications
  • Timeline includes future entries (not just current state); gaps avoided
  • TimelineEntryRelevance implemented for Smart Stack prioritization
  • WCSession delegate set before activate(); singleton pattern used
  • isReachable checked before sendMessage; transferUserInfo for critical data
  • Received files moved synchronously before delegate callback returns

When to Load References

  • Reviewing app lifecycle, background modes, or extended sessions -> lifecycle.md
  • Reviewing complications, widgets, or timeline providers -> complications.md
  • Reviewing WCSession, iPhone-Watch communication -> connectivity.md
  • Reviewing memory, battery, or performance issues -> performance.md

Output Format

Report issues using: [FILE:LINE] ISSUE_TITLE

Examples:

  • [WatchApp.swift:18] WKExtendedRuntimeSession started while app not active
  • [ConnectivityManager.swift:42] WCSession.activate() before delegate assignment
  • [ComplicationTimeline.swift:67] Timeline has no future entries

Hard gates (before reporting)

Complete in order for each finding you intend to report. Do not advance until the pass condition is satisfied.

  1. Location artifact — The finding includes [FILE:LINE] (or a line range) copied from the current file contents; the path resolves in this repo.
  2. Scope read — You read the full surrounding unit: the View body, WKApplicationDelegate / scene method, TimelineProvider implementation, WCSessionDelegate callback, or workout/background task handler that owns the behavior—not only a diff hunk.
  3. watchOS or pairing claim (only if the finding depends on background modes, complication/timeline contracts, WCSession reachability or transfer semantics, workout or extended runtime rules, or device-specific limits) — You name one concrete artifact you inspected (for example Info.plist / target capabilities for background modes, the WK* / WCSession call order in source, entitlements, or a subsection you read in the matching doc from Quick Reference) or you downgrade the item to an open question in Review Questions.
  4. Protocol — Pre-report steps in review-verification-protocol are satisfied for this item (no finding if they are not).

Use the issue format [FILE:LINE] ISSUE_TITLE for each reported finding. Hard gate 4 is the full pre-report checklist for this skill’s review type.

Review Questions

  1. Is the app using modern SwiftUI lifecycle with delegate adaptor?
  2. Are background tasks completing properly (calling setTaskCompletedWithSnapshot)?
  3. Is UI update frequency reduced when isLuminanceReduced is true?
  4. Are WatchConnectivity delegate callbacks dispatching to main thread?
  5. Is TabView nested within another TabView? (Memory leak on watchOS)
