Xcode Cache Cleaner
Suspicious
Audited by ClawScan on May 13, 2026.
Overview
The skill is mostly a legitimate cache cleaner, but review is needed because its shell scripts contain unsafe command construction and some cleanup safeguards are weaker than documented.
Only use this after reviewing a dry-run. Do not run it on untrusted or strangely named project folders, avoid --yes until you have approved the exact paths, and be especially careful with DeviceSupport and --include-archives. The publisher should fix the eval usage and make deletion/recoverability behavior match the documentation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously named or crafted project folder could run shell commands under the user's account when the agent scans it.
The script interpolates TARGET_DIR, derived from the user-selected project path, into a command string and hands that string to eval. Because the expansion happens before eval parses the string, the directory name becomes shell syntax: a name containing $(...), backticks, or a double quote breaks out of the surrounding quotes and runs as commands during scanning, under the user's account. The unquoted $find_args in the same string is re-parsed as well, so if it carries unquoted patterns such as *.o the shell globs them in the current directory before find ever sees them.
done < <(eval "find \"$TARGET_DIR\" $find_args -print0 2>/dev/null" || true)
Remove eval, pass find predicates safely as arrays or separate hard-coded find calls, quote glob patterns, and preserve NUL-delimited path handling through deletion.
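The eval pattern from this finding beside the hardened form the remediation describes, as an added example that is not the skill's own code. The function names (unsafe_scan, cache_find, count_cache_entries, delete_cache_entries) and the cache patterns (DerivedData, .build, *.o) are constructed stand-ins for whatever the real scripts match; the point is that find receives a fixed argument list and passes matches straight to the action, so neither the path nor the patterns are parsed by the shell a second time.

```shell
#!/bin/sh
# Added example, not the skill's own code: the eval pattern from the finding
# beside a scanner that hands find a fixed argument list and lets find pass
# matches straight to the action. The cache patterns (DerivedData, .build,
# *.o) are a constructed stand-in for whatever the real skill matches.

# Mirrors the vulnerable line. TARGET_DIR is expanded into the string first,
# so any $(...) or quote in the directory name is parsed and run by eval.
unsafe_scan() {
    TARGET_DIR=$1
    find_args="-name '*.o'"
    eval "find \"$TARGET_DIR\" $find_args -print0 2>/dev/null" || true
}

# cache_find TARGET ACTION...: every predicate is one argument, quoted once,
# so neither the path nor the patterns are re-parsed by the shell. The caller
# supplies the action (-print0 for a dry run, -exec rm for deletion).
cache_find() {
    target=$1; shift
    [ -d "$target" ] || return 1
    case $target in -*) target=./$target ;; esac   # a path must never look like a find option
    find "$target" \
        '(' -type d '(' -name DerivedData -o -name .build ')' -prune "$@" ')' \
        -o '(' -type f -name '*.o' "$@" ')'
}

# Dry run: count matches from the NUL-separated stream; no path is word-split.
count_cache_entries() {
    cache_find "$1" -print0 | tr -dc '\0' | wc -c | tr -d ' '
}

# Deletion: find invokes rm with each matched path as its own argument,
# so NUL-safe handling holds all the way through removal.
delete_cache_entries() {
    cache_find "$1" -exec rm -rf -- '{}' +
}
```

A dry run prints or counts the -print0 stream; real deletion swaps the action for -exec rm -rf -- {} +, so the path list never passes through a shell between find and rm. The -prune on matched directories keeps find from descending into a DerivedData tree it is about to delete anyway.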
The global cleanup may remove more Xcode DeviceSupport folders than the user expects, requiring Xcode to recreate or redownload support data.
The default DeviceSupport safeguard depends on sort -V to choose the highest-version folder to keep. sort -V is a GNU extension that is not guaranteed on the macOS sort (older releases shipped one without it), and the trailing || true only covers tail, so if sort rejects the option the pipeline still succeeds and auto_keep is empty. Nothing matches an empty keep target, so all DeviceSupport entries may be queued for deletion instead of one being kept.
auto_keep=$(ls "$dir" | sort -V | tail -1 || true) ... ACTIONS+=("delete:$entry")
Use a macOS-compatible version comparison, fail closed if the keep target cannot be determined, or require explicit --keep-ios patterns before deleting DeviceSupport.
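One way to implement the first two remediations, as an added example that is not the skill's own code: a component-wise version comparison that needs no sort -V, and a planner that refuses to queue anything when no keep target can be determined. The function names (version_gt, version_of, pick_keep, plan_devicesupport_cleanup) are hypothetical, and the folder names are assumed to start with a dotted version such as "17.5.1 (21F90)"; the names used in the test are constructed, not real cache contents.

```shell
#!/bin/sh
# Added example, not the skill's own code: pick the DeviceSupport folder to
# keep without sort -V, and refuse to plan any deletion when no keep target
# can be determined. Assumption: folder names start with a dotted version
# such as "17.5.1 (21F90)"; the names used in the test are constructed.

# version_gt A B: true when dotted version A is greater than B, comparing
# each component as an integer (16.7.10 > 16.7.9, which a plain sort gets wrong).
version_gt() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; a=${a#*.}
        bi=${b%%.*}; b=${b#*.}
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 1
    done
    return 1
}

# version_of NAME: prints the first dotted version in NAME, or nothing.
version_of() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# pick_keep DIR: prints the highest-version entry, or prints nothing and
# returns 1 when DIR has no entry with a parseable version.
pick_keep() {
    best="" best_ver=""
    for entry in "$1"/*/; do
        [ -d "$entry" ] || continue
        name=${entry%/}; name=${name##*/}
        ver=$(version_of "$name")
        [ -n "$ver" ] || continue
        if [ -z "$best" ] || version_gt "$ver" "$best_ver"; then
            best=$name; best_ver=$ver
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# plan_devicesupport_cleanup DIR: lists the entries that would be deleted,
# one per line. Fails closed: with no keep target there is no plan at all,
# and entries whose version cannot be parsed are never listed.
plan_devicesupport_cleanup() {
    keep=$(pick_keep "$1") || { echo "refusing to plan $1: no keep target" >&2; return 1; }
    for entry in "$1"/*/; do
        [ -d "$entry" ] || continue
        name=${entry%/}; name=${name##*/}
        [ "$name" != "$keep" ] || continue
        [ -n "$(version_of "$name")" ] || continue
        printf '%s\n' "$name"
    done
}
```

The planner only emits names; the deletion step should consume that list and stop on a non-zero exit from plan_devicesupport_cleanup, which is what makes the empty-keep case fail closed rather than fall through to "delete everything".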
Users may believe project cache deletions are recoverable from Trash when they are actually removed directly.
SKILL.md says both scripts prefer recoverable Trash when available, but the project-mode script always uses rm -rf for matched paths. That makes the recoverability claim materially weaker for project cleanup.
rm -rf "$p" 2>/dev/null || true
Either update the documentation to state that project-mode deletion is direct and irreversible, or implement the same trash-when-available fallback used by the global cleaner.
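The trash-when-available fallback the second option calls for, as an added example that is not the skill's own code. It assumes the user's Trash is $HOME/.Trash (macOS); TRASH_DIR is a hypothetical override so the helper can be exercised against a scratch directory, and remove_path is a hypothetical name.

```shell
#!/bin/sh
# Added example, not the skill's own code: a removal helper that gives project
# mode the trash-when-available behaviour SKILL.md describes. Assumption: the
# user's Trash is $HOME/.Trash (macOS); TRASH_DIR is a hypothetical override
# that lets the helper be exercised against a scratch directory.

# remove_path PATH: moves PATH into the Trash when one is available, otherwise
# deletes it in place. Prints "trashed" or "deleted" so the caller's log and
# dry-run output can state the real disposition.
remove_path() {
    p=${1%/}
    [ -n "$p" ] && [ -e "$p" ] || return 1      # also refuses "" and "/"
    trash=${TRASH_DIR:-$HOME/.Trash}
    if [ -d "$trash" ] && [ -w "$trash" ]; then
        base=${p##*/}
        dest="$trash/$base"
        n=1
        # never merge into an existing Trash entry of the same name
        while [ -e "$dest" ]; do
            dest="$trash/$base ($n)"
            n=$((n + 1))
        done
        # a failed move (permissions, full disk) is an error, not a cue to rm -rf
        mv -- "$p" "$dest" || return 1
        echo trashed
    else
        rm -rf -- "$p" || return 1
        echo deleted
    fi
}
```

Items moved with mv land in the Trash but carry no Finder "Put Back" record; asking Finder to delete the item via osascript preserves that, at the cost of a dependency on Finder being available. Either way, whichever word the helper prints is what the documentation should promise.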
