apple-xcode-hybrid-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a hybrid orchestration workflow for Xcode and Swift development without malicious intent. It prioritizes Model Context Protocol (MCP) tools and falls back to official Apple CLI tools when necessary.
- [COMMAND_EXECUTION]: The included Python script `scripts/advisory_cooldown.py` manages a local JSON state file at `~/.codex/state/apple_dev_advisory_cooldowns.json`. This is used to track and throttle user notifications (advisories) based on a cooldown period. The script uses standard libraries and safe file handling practices.
- [EXTERNAL_DOWNLOADS]: The `references/skills-discovery.md` file suggests installing additional skills from the author's GitHub repository and from Vercel Labs, which is a well-known and trusted source. These are user-directed installation instructions and not automatic execution patterns.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Analysis of the scripts and instructions found no unauthorized data access, hardcoded credentials, or exfiltration patterns. File system access is restricted to the specific state file and the project workspace.
Audit Metadata