ClawHub

Appkittie

v1.0.0

Provides AI agents with live App Store data for app discovery, keyword research, competitor analysis, growth, revenue, and ad intelligence using the AppKitti...

0· 41·0 current·0 all-time
byTadas Gedgaudas@tadasgedgaudas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (App Store intelligence, keywords, revenue, ads) match the instructions: skills call AppKittie endpoints (search_apps, get_app_detail, keyword endpoints) and provide playbooks for ASO and competitive analysis. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Runtime instructions are explicit and stay on-topic (call AppKittie/MCP endpoints, create/read an app-marketing-context.md for context). They instruct the agent to read and write a local app-marketing-context.md file (expected behavior) and to register a hosted MCP server with an Authorization: Bearer API key. This is reasonable for the stated purpose but worth noting: the API key will be sent to mcp.appkittie.com and used for all API calls the skills make.
Install Mechanism
This is instruction-only (no install spec, no packaged code files that run automatically). The doc suggests cloning a GitHub repo and an npx command (npx skills add appkittie/mcp). Those are standard but involve fetching remote code (GitHub/npm) under the user's control — inspect the repo before running npx or cloning and verify the source.
Credentials
The skill does not declare environment variables or request unrelated credentials. It does require the user to create an AppKittie API key and provide it to the MCP server configuration — this is proportional to calling a hosted API. No other secrets or system credentials are requested.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It instructs creation/reading of a project-local app-marketing-context.md file and registering an MCP server in the client's MCP config — both are within normal behavior for skills and confined to the user's agent configuration.
Assessment
This skill appears coherent for App Store research, but take simple precautions before installing: 1) Verify the GitHub repo (https://github.com/appkittie/mcp) and the publisher identity — don't run npx or arbitrary install commands until you inspect the code. 2) Confirm TLS and ownership of mcp.appkittie.com and review its privacy/terms — your API key will be forwarded there. 3) Create an API key with minimal scope and treat it as a secret (do not reuse other service credentials). 4) Keep sensitive data out of the generated app-marketing-context.md file (no passwords, API keys, or private user data). 5) If you plan to run the npx command, inspect the package that npx will execute (or clone the repo manually) so you know what code will run on your machine.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ez68sht4mg76da1h5dtbv6n8400kr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments