Google Play Store
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for Google Play publishing, but users should notice that its optional automation can use release credentials, publish app updates, and store local workflow memory.
This skill appears safe to install as an instruction-only Play Store assistant. Before using automation, verify Fastlane setup, protect the service-account JSON key and signing secrets, and require explicit confirmation for any production upload, promotion, rollout increase, or store-listing change.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the agent or user workflows may have authority to upload or promote Android app releases through Google Play.
The skill documents use of a Google Play service-account JSON key with release-manager permissions, which is expected for release automation but can modify app releases.
Google Play API requires a service account... Download JSON key... Grant service account access... Set permissions (Release manager for uploads)
Use the least-privileged Play Console role that supports the needed task, keep the JSON key out of memory files and source control, and require human review before release actions.
Running the documented commands can change what users receive from the Play Store and may affect ratings, revenue, or account standing if used incorrectly.
The documentation includes Fastlane commands that can publish staged or full production rollouts. These are purpose-aligned examples, not hidden automatic execution.
fastlane supply --aab app-release.aab --track production --rollout 0.1 ... fastlane supply --track production --rollout 1.0
Treat production uploads and rollout increases as approval-required actions; run the pre-submission checklist and prefer internal, closed, or staged rollouts first.
Installing Fastlane adds a third-party tool to the release environment.
The skill suggests installing an external automation tool from package managers. This is central to Fastlane automation and is disclosed.
brew install fastlane ... gem install fastlane
Install Fastlane from trusted package sources, pin versions in CI where practical, and review generated Fastlane configuration before use.
Future interactions may reuse stored app and release context, and local files may reveal app plans or past policy issues to anyone with filesystem access.
The skill stores persistent local notes about the user's apps and workflow, which is disclosed and scoped but may contain business-sensitive context if the user adds it.
In `~/google-play-store/memory.md`: Integration preferences; Apps they manage; Their workflow (CI/CD vs manual); Past issues and lessons learned
Keep credentials and confidential business details out of the memory files, periodically review the stored notes, and delete entries that should not persist.