Apple Developer Toolkit
v3.5.0All-in-one Apple developer skill with three integrated tools shipped as a single unified binary. (1) Documentation search across Apple frameworks, symbols, a...
⭐ 1· 1.3k·4 current·4 all-time
byAbdullah AlRashoudi@abdullah4ai
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL claims a single unified binary (appledev) that provides docs search, App Store Connect CLI, and an app builder. Yet the instructions repeatedly show running node cli.js (e.g., `node cli.js search`) and reference a Node package.json — which implies Node-based scripts rather than a single prebuilt native binary. The registry metadata lists node as required plus an 'anyBins' appledev; this mismatch (binary vs Node script usage) is incoherent and worth clarifying. Minor version mismatch (registry 3.5.0 vs package.json 3.2.0) also raises consistency questions.
Instruction Scope
SKILL.md instructs running local files (node cli.js, bash scripts/setup.sh) and commands that may bootstrap or install prerequisites (e.g., `appledev build setup`, `bash scripts/setup.sh`). Those instructions assume repository files are present on the host; but the declared install path is a Homebrew formula that installs a single binary. If an agent follows the SKILL.md literally, it may try to run scripts that come from the skill bundle — verify which files are actually installed. The docs also instruct storing App Store Connect keys and LLM keys as env vars; those are expected for the claimed features, but the instructions are broad about 'checks and installs prerequisites' which could cause the tool to download/run additional code during setup.
Install Mechanism
Install uses a Homebrew formula from a third-party tap (Abdullah4AI/tap). While Homebrew is common, third-party taps can deliver arbitrary code; the formula's contents and the tap owner's reputation are not provided. The brew-based install is higher risk than an official GitHub release or an official Homebrew/core formula. The SKILL also includes 'build from source' steps (`bash scripts/setup.sh`) which would run repository scripts if used — review those scripts before executing.
Credentials
Requested environment variables are optional and appropriate for the described features: APPSTORE_* (App Store Connect API key/issuer/private key paths) for store operations, and LLM_API_KEY for the app builder. No unrelated credentials or unexpected secrets are requested.
Persistence & Privilege
The skill is not marked always:true and does not request special config paths or system-wide changes. It does not declare persistent privileges or modifications to other skills. Autonomous invocation remains allowed (platform default) but is not combined with other high-risk flags here.
Scan Findings in Context
[no-regex-findings] expected: The static regex scanner reported no findings. This is plausible because the skill bundle is mostly markdown/docs and SKILL.md instructions rather than executable code in the registry entry. However, absence of findings is not proof of safety — Homebrew formula content and any install-time scripts were not provided to the scanner.
What to consider before installing
Key things to check before installing or using this skill:
- Clarify the runtime: ask the author which binary actually provides each feature. Does `brew install Abdullah4AI/tap/appledev` install a native appledev binary that implements everything, or do you need to run Node scripts from the repository? The SKILL.md is inconsistent (claims one binary but shows `node cli.js`).
- Inspect the Homebrew tap/formula before installing: review the formula source on the tap (Abdullah4AI/tap) to see what it downloads or executes. Third-party taps can run arbitrary install scripts and fetch code from remote URLs.
- If you must install, do so in a sandboxed environment (VM or isolated Mac) until you confirm behavior. Avoid running `bash scripts/setup.sh` or other install scripts from the repo without reviewing them.
- Protect credentials: only provide APPSTORE_* keys and LLM_API_KEY when you understand where they are stored and how the tool transmits them. Prefer using temporary or least-privilege keys (App Store Connect key with minimal access) for initial testing.
- Prefer an authoritative source: ask for an official homepage or a GitHub release. If the maintainer can provide a signed release or an official Homebrew/core formula, that reduces risk.
- If you plan to rely on the documentation/search feature, verify locally whether `node cli.js` exists after installation or whether the installed appledev binary exposes the documented subcommands. If not, do not run arbitrary node scripts fetched from the repo.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🍎 Clawdis
Binsnode
Any binappledev
Install
Apple Developer Toolkit - unified binary (Homebrew)
Bins: appledev
brew install Abdullah4AI/tap/appledevlatest
Abdullah AlRashoudi@abdullah4ai
DownloadApple Developer Toolkit
Three tools in one binary. Each part works independently with different credential requirements.
Architecture
Ships as a single unified binary appledev with multi-call support:
appledev build ... # iOS app builder (SwiftShip)
appledev store ... # App Store Connect CLI
appledev b ... # Short alias
appledev s ... # Short alias
One binary, three tools, zero duplication.
Credential Requirements by Feature
| Feature | Credentials Needed | Works Without Setup |
|---|---|---|
| Documentation Search (Part 1) | None | Yes |
| App Store Connect (Part 2) | App Store Connect API key (.p8) | No |
| iOS App Builder (Part 3) | LLM API key + Xcode | No |
Setup
Part 1: Documentation Search (no setup needed)
Works immediately with Node.js:
node cli.js search "NavigationStack"
Part 2: App Store Connect CLI
Install via Homebrew:
brew install Abdullah4AI/tap/appledev
Authenticate with your App Store Connect API key:
appledev store auth login --name "MyApp" --key-id "KEY_ID" --issuer-id "ISSUER_ID" --private-key /path/to/AuthKey.p8
Or set environment variables:
export APPSTORE_KEY_ID="your-key-id"
export APPSTORE_ISSUER_ID="your-issuer-id"
export APPSTORE_PRIVATE_KEY_PATH="/path/to/AuthKey.p8"
API keys are created at https://appstoreconnect.apple.com/access/integrations/api
Part 3: iOS App Builder
Prerequisites: Xcode (with iOS Simulator), XcodeGen, and an LLM API key for code generation.
appledev build setup # Checks and installs prerequisites
Build from source
bash scripts/setup.sh
Part 1: Documentation Search
node cli.js search "NavigationStack"
node cli.js symbols "UIView"
node cli.js doc "/documentation/swiftui/navigationstack"
node cli.js overview "SwiftUI"
node cli.js samples "SwiftUI"
node cli.js wwdc-search "concurrency"
node cli.js wwdc-year 2025
node cli.js wwdc-topic "swiftui-ui-frameworks"
Part 2: App Store Connect
Full reference: references/app-store-connect.md
| Task | Command |
|---|---|
| List apps | appledev store apps |
| Upload build | appledev store builds upload --app "APP_ID" --ipa "app.ipa" --wait |
| Find build by number | appledev store builds find --app "APP_ID" --build-number "42" |
| Wait for build processing | appledev store builds wait --build "BUILD_ID" |
| Publish TestFlight | appledev store publish testflight --app "APP_ID" --ipa "app.ipa" --group "Beta" --wait |
| Submit App Store | appledev store publish appstore --app "APP_ID" --ipa "app.ipa" --submit --confirm --wait |
| Pre-submission validation | appledev store validate --app "APP_ID" --version-id "VERSION_ID" |
| List certificates | appledev store certificates list |
| Reviews | appledev store reviews --app "APP_ID" --output table |
| Update localizations | appledev store localizations update --app "APP_ID" --locale "en-US" --name "My App" |
| Sales report | appledev store analytics sales --vendor "VENDOR" --type SALES --subtype SUMMARY --frequency DAILY --date "2024-01-20" |
| Xcode Cloud | appledev store xcode-cloud run --app "APP_ID" --workflow "CI" --branch "main" --wait |
| Notarize | appledev store notarization submit --file ./MyApp.zip --wait |
| Status dashboard | appledev store status --app "APP_ID" --output table |
| Weekly insights | appledev store insights weekly --app "APP_ID" --source analytics |
| Metadata pull | appledev store metadata pull --app "APP_ID" --version "1.2.3" --dir ./metadata |
| Release notes | appledev store release-notes generate --since-tag "v1.2.2" |
| Diff localizations | appledev store diff localizations --app "APP_ID" --path ./metadata |
| Nominations | appledev store nominations create --app "APP_ID" --name "Launch" |
| Price point filter | appledev store pricing price-points --app "APP_ID" --price 0.99 |
| IAP (family sharable) | appledev store iap create --app "APP_ID" --family-sharable |
| Subscription (family sharable) | appledev store subscriptions create --app "APP_ID" --family-sharable |
Environment Variables
All environment variables are optional. They override flags when set.
| Variable | Description |
|---|---|
APPSTORE_KEY_ID | API Key ID |
APPSTORE_ISSUER_ID | API Issuer ID |
APPSTORE_PRIVATE_KEY_PATH | Path to .p8 key file |
APPSTORE_PRIVATE_KEY | Raw private key string |
APPSTORE_PRIVATE_KEY_B64 | Base64-encoded private key |
APPSTORE_APP_ID | Default app ID |
APPSTORE_PROFILE | Default auth profile |
APPSTORE_DEBUG | Enable debug output |
APPSTORE_TIMEOUT | Request timeout |
APPSTORE_BYPASS_KEYCHAIN | Skip system keychain |
Part 3: Multi-Platform App Builder
Supports iOS, watchOS, tvOS, and iPad. Generates complete Swift/SwiftUI apps from natural language with AI-powered code generation.
appledev build # Interactive mode
appledev build setup # Install prerequisites (Xcode, XcodeGen, AI backend)
appledev build fix # Auto-fix build errors
appledev build run # Build and launch in simulator
appledev build open # Open project in Xcode
appledev build chat # Interactive chat mode (edit/ask questions)
appledev build info # Show project status
appledev build usage # Token usage and cost
Supported Platforms
| Platform | Status |
|---|---|
| iOS | Full support |
| iPad | Full support |
| macOS | Supported |
| watchOS | Supported |
| tvOS | Supported |
| visionOS | Supported |
How it works
describe > analyze > plan > build > fix > run
- Analyze - Extracts app name, features, core flow, target platform from description
- Plan - Produces file-level build plan: data models, navigation, design
- Build - Generates Swift source files, project.yml, asset catalog
- Fix - Compiles and auto-repairs until build succeeds
- Run - Boots Simulator and launches the app
Interactive commands
| Command | Description |
|---|---|
/run | Build and launch in simulator |
/fix | Auto-fix compilation errors |
/open | Open project in Xcode |
/ask [question] | Ask a question about the project |
/model [name] | Switch model (sonnet, opus, haiku) |
/info | Show project info |
/usage | Token usage and cost |
References
| Reference | Content |
|---|---|
| references/app-store-connect.md | Complete App Store Connect CLI commands |
| references/ios-rules/ | 38 iOS development rules |
| references/swiftui-guides/ | 12 SwiftUI best practice guides |
| references/ios-app-builder-prompts.md | System prompts for app building |
iOS Rules (38 files)
accessibility, app_clips, app_review, apple_translation, biometrics, camera, charts, color_contrast, components, dark_mode, design-system, feedback_states, file-structure, forbidden-patterns, foundation_models, gestures, haptics, healthkit, live_activities, localization, maps, mvvm-architecture, navigation-patterns, notification_service, notifications, safari_extension, share_extension, siri_intents, spacing_layout, speech, storage-patterns, swift-conventions, timers, typography, view-composition, view_complexity, website_links, widgets
SwiftUI Guides (12 files)
animations, forms-and-input, layout, liquid-glass, list-patterns, media, modern-apis, navigation, performance, scroll-patterns, state-management, text-formatting
Comments
Loading comments...