Back to skill
Skillv1.0.0
ClawScan security
Ios Keyboard Limitations · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:45 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only guidance about iOS keyboard extension limitations — internally consistent with its stated purpose and requests no extra permissions, binaries, or installs.
- Guidance
- This is an instruction-only reference about iOS keyboard extension limitations and workarounds — it requests no permissions or installs and appears coherent with its stated purpose. Before relying on it: 1) verify the details against current Apple documentation and recent WWDC sessions since platform behavior and limits can change; 2) note references to App Groups and entitlements — implementing those requires properly configured capabilities in both app and extension and user consent where appropriate; 3) the SKILL.md cites a local project path (~/Projects/polyvoice-keyboard/) and has no homepage or source provenance — treat findings as community notes rather than official guidance. If you need production-ready code or legal/privacy guidance (user notifications, Info.plist privacy strings), obtain up-to-date official docs or tested libraries.
Review Dimensions
- Purpose & Capability
- okName/description match the content: SKILL.md explains iOS keyboard sandbox, mic restrictions, memory limits, App Groups, and alternative architectures. There are no unrelated credential or binary requirements.
- Instruction Scope
- okThe SKILL.md contains developer guidance and example code snippets only; it does not instruct the agent to read files, access environment variables, call external endpoints, or perform system actions beyond documenting platform limits and workarounds.
- Install Mechanism
- okNo install spec and no code files — nothing is downloaded or written to disk. This is the lowest-risk form (instruction-only).
- Credentials
- okNo environment variables, credentials, or config paths are requested. The document explains using App Groups (an expected entitlement) but does not ask for unrelated secrets or access.
- Persistence & Privilege
- okSkill is not always-enabled and does not request persistence or elevated platform privileges. Autonomous invocation is allowed by platform default but there is nothing in the skill that leverages that to access other skills or system secrets.