App Store Connect
v1.0.0Manage iOS apps, TestFlight builds, submissions, and analytics via App Store Connect API.
⭐ 1· 852·2 current·2 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required env vars (ASC_ISSUER_ID, ASC_KEY_ID, ASC_PRIVATE_KEY_PATH), and the documented API endpoints (api.appstoreconnect.apple.com) are coherent for an App Store Connect integration. No unrelated services, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are detailed and constrained to JWT generation, calling Apple API endpoints, build/upload and TestFlight workflows. The docs explicitly instruct generating JWTs locally and not transmitting the .p8 file. Commands reference macOS tooling (xcrun/Transporter) where appropriate, and all file/env accesses mentioned map to the declared requirements.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself. That minimizes install-time risk.
Credentials
The three required env vars are appropriate for JWT-based App Store Connect access. Note: ASC_PRIVATE_KEY_PATH implies the agent/process will need read access to your .p8 file to generate tokens — make sure the file is stored securely and the provided path is correct and restricted to trusted users.
Persistence & Privilege
always is false and the skill does not request persistent system-level changes or access to other skills' configs. The skill can be invoked autonomously per platform default, which is expected for skills of this type.
Assessment
This skill appears coherent for managing App Store Connect. Before installing: (1) ensure you trust the agent because it will need read access to the .p8 private key at the path you provide; (2) keep the .p8 file out of version control and in a restricted location, and rotate keys if you suspect compromise; (3) prefer least-privilege roles (App Manager vs Admin) for the API key where possible; (4) note macOS-only tooling references (xcrun/Transporter) — those commands won't run on Linux/Windows but API calls still work; (5) if you do not want the skill acting without confirmation, limit its use or check your agent's autonomy settings prior to enabling.Like a lobster shell, security has layers — review code before you run it.
latestvk970m0a56fh4j5rqy2q84svdvn81hzej
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🍎 Clawdis
OSLinux · macOS · Windows
EnvASC_ISSUER_ID, ASC_KEY_ID, ASC_PRIVATE_KEY_PATH