xcodebuildmcp-packaging-resource-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified. The skill adheres to its stated purpose of providing a framework for reviewing build and packaging processes.
- [COMMAND_EXECUTION]: The skill suggests executing validation commands such as
npm run buildandnpm run verify:portable. These are standard lifecycle scripts for Node.js projects and are executed within the user's local repository environment. - [DATA_EXPOSURE]: The skill references environment variables like
XCODEBUILDMCP_RESOURCE_ROOTandDYLD_FRAMEWORK_PATH. These are standard macOS developer configurations for locating binaries and resources during the build and execution phases, posing no risk of credential or sensitive data leakage.
Audit Metadata