energykit
github.com/dpearson2699/swift-ios-skills
Scanned Thu, 28 May 2026 17:09:34 GMT
Scan ID crawl-wuvjsas69na0oumvujgzn6ti · 6ms
B
SCORE 75 / 100
Verdict: Safe to install

4 medium findings.

This skill ships without a capability manifest plus 3 other issues listed below.

0 critical · 0 high · 4 medium · 8 rules passed

Why grade B?

score · 75 / 100

The current grade reflects 4 medium findings (3+ MEDs → B).

0 CRIT · 0 HIGH · 4 MED · 0 LOW
To reach a higher grade
  • A
    Reach A · target score 95

    Resolve 2 of 4 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
med
Link text shows "electricityguidance.service" but points at sosumi.ai
The visible link text contains the domain `electricityguidance.service`, but the URL actually targets `sosumi.ai`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatch · line: 489 · CWE-601
487- [EnergyKit framework](https://sosumi.ai/documentation/energykit)
488- [ElectricityGuidance](https://sosumi.ai/documentation/energykit/electricityguidance)
489- [ElectricityGuidance.Service](https://sosumi.ai/documentation/energykit/electricityguidance/service)
text→electricityguidance.service · href→sosumi.ai
490- [ElectricityGuidance.Query](https://sosumi.ai/documentation/energykit/electricityguidance/query)
491- [ElectricityGuidance.Value](https://sosumi.ai/documentation/energykit/electricityguidance/value)
med
Link text shows "electricityguidance.query" but points at sosumi.ai
The visible link text contains the domain `electricityguidance.query`, but the URL actually targets `sosumi.ai`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatch · line: 490 · CWE-601
488- [ElectricityGuidance](https://sosumi.ai/documentation/energykit/electricityguidance)
489- [ElectricityGuidance.Service](https://sosumi.ai/documentation/energykit/electricityguidance/service)
490- [ElectricityGuidance.Query](https://sosumi.ai/documentation/energykit/electricityguidance/query)
text→electricityguidance.query · href→sosumi.ai
491- [ElectricityGuidance.Value](https://sosumi.ai/documentation/energykit/electricityguidance/value)
492- [EnergyVenue](https://sosumi.ai/documentation/energykit/energyvenue)
med
Link text shows "electricityguidance.value" but points at sosumi.ai
The visible link text contains the domain `electricityguidance.value`, but the URL actually targets `sosumi.ai`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatch · line: 491 · CWE-601
489- [ElectricityGuidance.Service](https://sosumi.ai/documentation/energykit/electricityguidance/service)
490- [ElectricityGuidance.Query](https://sosumi.ai/documentation/energykit/electricityguidance/query)
491- [ElectricityGuidance.Value](https://sosumi.ai/documentation/energykit/electricityguidance/value)
text→electricityguidance.value · href→sosumi.ai
492- [EnergyVenue](https://sosumi.ai/documentation/energykit/energyvenue)
493- [ElectricVehicleLoadEvent](https://sosumi.ai/documentation/energykit/electricvehicleloadevent)
skillox.io/r/crawl-wuvjsas69na0oumvujgzn6ti