ClawHub

Google Play Store

v1.0.0

Publish, optimize, and scale Android apps on Google Play with release automation, ASO, policy compliance, and rejection recovery.

1· 417·1 current·1 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Google Play publishing, ASO, policy/rejection recovery) match the contents: many docs about tracks, Fastlane automation, policy forms, and checklists. The skill does not ask for unrelated binaries, cloud credentials, or system-wide access.
Instruction Scope
The SKILL.md and companion files instruct the agent to create and maintain a local memory directory (~/google-play-store/) and to ask the user onboarding questions — this is reasonable for a publishing assistant. The docs include concrete Fastlane examples and CI snippets that reference service-account JSONs and keystore secrets; these are standard for Play uploads but are external to the skill (the skill does not itself demand these secrets). The skill explicitly warns not to store credentials in memory, which is good practice, but users should ensure the agent follows that guidance.
Install Mechanism
There is no install spec and no code files to execute — instruction-only. That minimizes on-disk code risk. The Fastlane/CI guidance references installing Fastlane via brew/gem, but the skill does not perform installs itself.
Credentials
The skill declares no required environment variables or credentials. Example workflows show needing a Play service account JSON and keystore secrets (typical and proportional for Play uploads). Because the skill will prompt about CI/keys during setup, users must avoid pasting raw credentials into the skill's memory and should keep secrets in CI secret stores or password managers as recommended.
Persistence & Privilege
always:false and the skill stores data only under a dedicated ~/google-play-store/ folder per its docs. It does not request system-wide configuration changes or elevated privileges and does not modify other skills.
Assessment
This skill is coherent with its stated purpose, but before installing: (1) confirm you’re comfortable with the agent creating ~/google-play-store/ and saving non-sensitive metadata there; (2) never paste service-account JSONs, keystore files, passwords, or other secrets into that memory — use CI secret stores or a password manager as the docs advise; (3) review the Fastlane lanes and CI scripts the agent may suggest before running them (they reference environment variables and secret decoding commands); (4) because the skill source is listed as unknown and it’s instruction-only, it cannot execute code on install but it can guide you to run commands — verify commands and CI config in a safe/dev account first. If the skill ever asks to store credentials in its memory or to send files to an external URL not documented in the Play/Fastlane flow, decline and review those requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d00xenx11t3sea770p9c48981tdps

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
OSLinux · macOS · Windows

Comments