Is michaelversus/swiftfindrefs safe?

https://github.com/openclaw/skills/tree/main/skills/michaelversus/swiftfindrefs

95
SAFE

SwiftFindRefs is a legitimate Swift development tool skill that provides instructions for using IndexStoreDB to find symbol references. The skill contains no malicious content and follows standard documentation patterns, with the primary concern being its dependency on external software installation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW External Software Installation Required -15

The skill instructs the agent to install external software using 'brew tap michaelversus/SwiftFindRefs https://github.com/michaelversus/SwiftFindRefs.git' and 'brew install swiftfindrefs'. This creates a dependency on external repositories that could potentially be compromised.

INFO Strong Imperative Language -5

The skill uses strong directive language like 'Mandatory for', 'Always run', 'Do not substitute', etc. While technically justified for proper tool usage, this creates rigid behavioral constraints.