← 返回 Skills 市场
Urlsession Code Review
作者
Kevin Anderson
· GitHub ↗
· v1.2.1
· MIT-0
160
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install urlsession-code-review
功能描述
Reviews URLSession networking code for iOS/macOS. Covers async/await patterns, request building, error handling, caching, and background sessions.
使用说明 (SKILL.md)
URLSession Code Review
Quick Reference
| Topic | Reference |
|---|---|
| Async/Await | async-networking.md |
| Requests | request-building.md |
| Errors | error-handling.md |
| Caching | caching.md |
Review Checklist
Response Validation
- HTTP status codes validated - URLSession does NOT throw on 404/500
- Response cast to HTTPURLResponse before checking status
- Both transport errors (URLError) and HTTP errors handled
Memory & Resources
- Downloaded files moved/deleted (async API doesn't auto-delete)
- Sessions with delegates call
finishTasksAndInvalidate() - Long-running tasks use
[weak self] - Stored Task references cancelled when appropriate
Configuration
-
timeoutIntervalForResourceset (default is 7 days!) - URLCache sized adequately (default 512KB too small)
- Sessions reused for connection pooling
Background Sessions
- Unique identifier (especially with app extensions)
- File-based uploads (not data-based)
- Delegate methods used (not completion handlers)
Security
- No hardcoded secrets (use Keychain)
- Header values sanitized for CRLF injection
- Query params via URLComponents (not string concat)
Hard gates (before reporting findings)
Complete in order. Do not advance while a prior gate is open.
- Scope — Pass: You name at least one file under review where
URLSession,URLRequest,HTTPURLResponse/URLResponse,URLCache, orURLErrorappears on a networking path. If none apply, stop with “out of scope.” - HTTP vs transport — Pass: Before claiming missing HTTP status handling or “404 treated as success,” you cite
file:linefor the completion/async/for awaitpath that receivesresponseand state whetherHTTPURLResponseis cast andstatusCodeis checked (or cite the helper that does). If you cannot see the handler, say unknown and ask for it—do not assume. - Session lifecycle — Pass: For a custom
URLSessionwith a delegate, you citefinishTasksAndInvalidate()or the documented long-lived/singleton pattern you rely on; for.shared, say so if the finding depends on configuration. Skip if only ad hocURLSession.sharedone-shots with no delegate issues. - Background or file transfer (if applicable) — Pass: If
URLSessionConfiguration.background,downloadTask, or app-extension–scoped sessions appear, findings cite identifier uniqueness, delegate vs completion-handler usage, or file URLs as required. If none of those APIs appear, mark N/A and continue. - Severity and checklist — Pass: Every Critical item includes
file:lineand names which Review Checklist subsection it violates (e.g. Response Validation, Background Sessions). Lower-severity items still name the file(s) they are drawn from.
Output Format
### Critical
1. [FILE:LINE] Missing HTTP status validation
- Issue: 404/500 responses not treated as errors
- Fix: Check `httpResponse.statusCode` is 200-299
安全使用建议
This skill is coherent and appears to do what it says: a local code-review checklist for URLSession usage. Before installing: (1) remember it will analyze any code files you give it, so avoid providing files containing secrets or unrelated private data; (2) the owner and homepage are unknown — review the SKILL.md and reference docs yourself to confirm they match your expectations; (3) if you prefer the skill not be invoked autonomously, consider disabling model invocation or restricting skill usage in your agent settings; (4) because the skill is instruction-only, it won’t download code during install, but the agent may process and summarize code you upload — treat outputs as assistant-generated guidance, not a replacement for a human security review.
能力评估
Purpose & Capability
Name/description (URLSession code review) matches the provided SKILL.md and reference documents. The skill is instruction-only, requests no binaries, env vars, or config paths, and does not attempt to perform unrelated platform actions.
Instruction Scope
SKILL.md defines a narrow, well-scoped review workflow (gates, file:line citations, checklist items) that confines the agent to analyze code containing URLSession/URLRequest/etc. It does not instruct the agent to read system-wide files, environment variables, or send data to external endpoints. Note: the skill expects to read the files under review (it requires citing file:line), so it will process any code the user provides.
Install Mechanism
No install spec is present (instruction-only), so nothing will be downloaded or written to disk by an installer step — lowest-risk installation profile.
Credentials
The skill declares no required environment variables, credentials, or config paths. Reference docs discuss Keychain and file operations only as guidance for reviewed code; the skill itself does not request secrets or unrelated credentials.
Persistence & Privilege
always:false (normal). disable-model-invocation is false, meaning the agent can autonomously invoke the skill per platform defaults — this is expected for skills but increases blast radius compared to a manually-invoked-only skill. There is no request to modify other skills or persistent system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install urlsession-code-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/urlsession-code-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
- Expanded "Hard gates" before reporting findings to clearly outline step-by-step review constraints.
- Gates now require explicit file:line references for HTTP/transport reporting, session lifecycle, and background session findings.
- Added instructions for how and when to mark scope as "out of scope" or "unknown" based on code visibility.
- Critical findings must now cite violated checklist subsections and specific file:line locations.
- Review workflow and output requirements explicitly clarified to ensure more precise, actionable feedback.
v1.2.0
Version 1.2.0 of urlsession-code-review updates and expands skill documentation and guidelines:
- Adds comprehensive SKILL.md with supported triggers, overview, detailed review checklist, and quick reference links.
- Checklist now explicitly covers async/await, request and error handling, memory management, caching, configuration, background sessions, and security best practices.
- Includes a sample markdown output format for reporting code review findings.
元数据
常见问题
Urlsession Code Review 是什么?
Reviews URLSession networking code for iOS/macOS. Covers async/await patterns, request building, error handling, caching, and background sessions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。
如何安装 Urlsession Code Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install urlsession-code-review」即可一键安装,无需额外配置。
Urlsession Code Review 是免费的吗?
是的,Urlsession Code Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Urlsession Code Review 支持哪些平台?
Urlsession Code Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Urlsession Code Review?
由 Kevin Anderson(@anderskev)开发并维护,当前版本 v1.2.1。
推荐 Skills