Skills urlsession-code-review
Reviews URLSession networking code for iOS/macOS. Covers async/await patterns, request building, error handling, caching, and background sessions.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/anderskev/urlsession-code-review" ~/.claude/skills/clawdbot-skills-urlsession-code-review && rm -rf "$T"
manifest:
skills/anderskev/urlsession-code-review/SKILL.mdsource content
URLSession Code Review
Quick Reference
| Topic | Reference |
|---|---|
| Async/Await | async-networking.md |
| Requests | request-building.md |
| Errors | error-handling.md |
| Caching | caching.md |
Review Checklist
Response Validation
- HTTP status codes validated - URLSession does NOT throw on 404/500
- Response cast to HTTPURLResponse before checking status
- Both transport errors (URLError) and HTTP errors handled
Memory & Resources
- Downloaded files moved/deleted (async API doesn't auto-delete)
- Sessions with delegates call
finishTasksAndInvalidate() - Long-running tasks use
[weak self] - Stored Task references cancelled when appropriate
Configuration
-
set (default is 7 days!)timeoutIntervalForResource - URLCache sized adequately (default 512KB too small)
- Sessions reused for connection pooling
Background Sessions
- Unique identifier (especially with app extensions)
- File-based uploads (not data-based)
- Delegate methods used (not completion handlers)
Security
- No hardcoded secrets (use Keychain)
- Header values sanitized for CRLF injection
- Query params via URLComponents (not string concat)
Output Format
### Critical 1. [FILE:LINE] Missing HTTP status validation - Issue: 404/500 responses not treated as errors - Fix: Check `httpResponse.statusCode` is 200-299