Low Risk — Risk Score 15/100
Last scan: 17 hr ago
ios-dev-cleanup
Scans iOS development disk usage (simulators, runtimes, DerivedData, CocoaPods cache, archives) and offers safe deletion commands with size analysis
This is a legitimate iOS development disk cleanup skill with no malicious behavior; the pre-scan's two critical IOC flags (rm -rf ~, rm -rf /) are false positives — both appear in prohibition/warning tables instructing the agent NOT to run those commands. All deletion targets are safe Xcode developer directories and user confirmation is required.
Skill Name: ios-dev-cleanup
Duration: 67.0s
Engine: pi
Safe to install
Approve for use. Consider adding explicit filesystem:WRITE and shell:WRITE declarations to SKILL.md metadata to fully align declared vs inferred capabilities.

Findings 2 items

Severity | Finding | Location

Severity: Low
Finding: Missing permission declarations for deletion operations (Doc Mismatch)
Location: SKILL.md:1
SKILL.md executes filesystem deletions via Bash (rm -rf, xcrun simctl, pod cache clean) but only declares requires_binaries. The deletion workflow is documented in README.md security section but not formally declared in SKILL.md frontmatter. This is a minor documentation gap — the behavior is transparent to users, not hidden.
Evidence: requires_binaries: xcrun, du, stat (no filesystem:WRITE or shell:WRITE declared)
→ Add a 'permissions' or 'capabilities' section to SKILL.md frontmatter declaring filesystem:WRITE and shell:WRITE for the deletion workflow.

Severity: Info
Finding: Pre-scan false positive: dangerous commands are prohibited entries (Doc Mismatch)
Location: SKILL.md:65
The pre-scan flagged 'rm -rf ~' (line 65) and 'rm -rf /' (line 241) as critical IOCs. Both are entries in a prohibition table (禁止操作 / Forbidden Operations) instructing the agent NOT to execute those commands. The skill explicitly mandates safe deletion methods. These flags should be disregarded.
Evidence: **Forbidden**: do not run `rm -rf ~/Library/Developer/CoreSimulator/Devices/<UUID>/` directly; `simctl delete` must be used instead
→ No action needed. The safety table is a positive security control.
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | WRITE | ✓ Aligned | SKILL.md: executes rm -rf commands via Bash for DerivedData, DeviceSupport, Arch…
Shell | NONE | WRITE | ✓ Aligned | SKILL.md: all deletion categories use Bash shell execution (rm -rf, xcrun simctl…
Network | NONE | NONE | | No network operations detected
Environment | NONE | NONE | | No environment variable access
Skill Invoke | NONE | NONE | | No cross-skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser usage
Database | NONE | NONE | | No database access
Pre-scan IOCs: 2 Critical · 3 findings

Critical · Dangerous Command (Dangerous Shell Command): rm -rf ~
Location: SKILL.md:65

Critical · Dangerous Command (Dangerous Shell Command): rm -rf /
Location: SKILL.md:241

Info · Email Address: [email protected]
Location: SKILL.md:6

File Tree

2 files · 10.6 KB · 340 lines
Markdown 2f · 340L
├─ 📝 README.md Markdown 89L · 2.6 KB
└─ 📝 SKILL.md Markdown 251L · 8.0 KB

Security Positives

✓ Comprehensive safety table explicitly forbids dangerous rm -rf commands on simulator/device directories, mandating xcrun simctl instead
✓ User confirmation is required before all deletions (except unavailable simulators, which are already non-functional)
✓ README.md contains an explicit security section documenting no network access and no data exfiltration
✓ All deletion targets are well-defined Xcode developer cache directories — no system-wide or home directory deletions
✓ No obfuscation, no base64, no encoded instructions, no suspicious external dependencies
✓ Skill is open source with a public GitHub repository (jesseluo/ios-dev-cleanup)