Is dimillian/swiftui-ui-patterns safe?

https://github.com/openclaw/skills/tree/main/skills/dimillian/swiftui-ui-patterns

96
SAFE

The dimillian/swiftui-ui-patterns skill is a documentation-only SwiftUI UI patterns reference consisting entirely of markdown files with code examples and architectural guidance for iOS/macOS development. No prompt injection, executable code, git hooks, submodules, exfiltration instructions, or malicious network activity were detected. Canary file accesses observed during the monitoring window are attributable exclusively to the audit framework's baseline and verification scans, confirmed by timing analysis and intact canary hashes.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 93/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (4)

LOW Canary files accessed during audit monitoring window -7

Multiple sensitive canary files were opened during the monitoring period. First batch at timestamp 1771935739 (before git clone at 1771935744) corresponds to audit framework baseline setup. Second batch at 1771935748 and 1771935755 corresponds to audit framework post-install verification scans. Canary file integrity confirmed intact. No reads attributable to skill installation or SKILL.md content.

LOW Post-install network listeners and outbound connections from execution infrastructure -10

The connection diff shows openclaw-gateway process (pre-existing audit infrastructure) acquired two TCP listeners on localhost ports 18790 and 18793, and established connections to 3.217.42.175:443 (AWS infrastructure). These are attributable to the openclaw execution environment itself, not to the skill. The skill contains no network-capable code.

INFO Shell command recommendation in workflow guidance -2

SKILL.md instructs agents to run rg "TabView\(" to locate nearby SwiftUI examples in the user's repo. This is a standard developer workflow suggestion using ripgrep for code search. It does not override system instructions, request elevated permissions, or chain to sensitive operations.

INFO Broken internal file reference in SKILL.md 0

SKILL.md Quick Start references 'references/app-scaffolding-wiring.md' which does not exist; the actual file is 'references/app-wiring.md'. This is a benign documentation error that could cause an agent to fail to load a reference, but carries no security impact.