mobile-app-developer

Pass

Audited by VirusTotal on May 3, 2026.

Overview

Type: OpenClaw Skill
Name: ah-mobile-app-developer
Version: 1.0.0

The skill bundle defines a standard persona for a mobile app developer. The instructions in SKILL.md focus on legitimate development workflows, platform-specific best practices (iOS/Android), and industry-standard security measures like certificate pinning and data encryption. No indicators of malicious intent, data exfiltration, or harmful prompt injection were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If granted tool access, the agent could help prepare or perform high-impact release actions such as beta distribution or store submission.

Why it was flagged

The skill covers release and distribution actions that can affect real apps and users if connected to deployment tools or app-store accounts.

Skill content

CI/CD pipelines:
- Automated builds
- Code signing
- Test automation
- Beta distribution
- Store submission

Recommendation

Require explicit user confirmation before publishing, distributing builds, changing CI/CD release settings, or responding publicly in app stores.

What this means

Mis-scoped credentials or production account access could allow unintended app releases, payment configuration changes, or exposure of sensitive app secrets.

Why it was flagged

Mobile development work may legitimately involve API keys, code-signing material, app-store accounts, push-notification credentials, and payment provider access.

Skill content

Security implementation:
- Secure storage
- Certificate pinning
- Obfuscation techniques
- API key protection
...
Native Android development:
- ...
- Play Console mastery
...
Device integration:
- ...
- Payment integration

Recommendation

Use least-privilege, test or staging credentials where possible; do not provide production signing keys, store credentials, or payment secrets unless the task requires them and the requested action is clear.

What this means

A user could over-trust claimed launch, rating, download, or performance results if the agent reports template metrics instead of measured facts.

Why it was flagged

The example delivery message includes specific success metrics and launch outcomes that could be misleading if repeated without verification.

Skill content

Delivery notification:
"Mobile app completed. Launched iOS and Android apps with 42MB size, 1.8s startup time, and 0.08% crash rate... Achieved 4.7 star rating with 50k+ downloads in first month."

Recommendation

Treat delivery metrics as examples unless the agent provides verifiable measurement sources, test results, or app-store analytics.