Audit App Store Readiness
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill appears to run a disclosed, mostly read-only App Store readiness audit, but users should notice that it executes local commands and has optional build/fix steps.
This looks safe to use for a repository audit if you are comfortable running a local Node script. Treat the generated report as potentially containing repository details, and approve build, install, archive, or patch steps only after reviewing what they will change.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill executes local tools on the selected repository, which can reveal repository metadata and produce command output in the report.
The audit script can execute local binaries. In the visible code this is used for audit-supporting commands, and shell execution is disabled in the generic helper.
const res = spawnSync(cmd, args, { ... shell: false, });
Run it only on repositories you intend to audit, review optional command output, and avoid approving mutating build or fix steps unless you want those changes.
If the user asks for fixes or build validation, the agent may patch project files or run commands that create build artifacts.
The skill documents potentially mutating commands and build operations, but it also scopes them behind read-only defaults and user-directed approval.
Default to **read-only** commands. Do not run commands that modify the workspace unless:
- the user explicitly asks, **or**
- the fix is trivial and clearly desired
Before using fix mode or build/archive commands, confirm the exact files or artifacts that will be changed and keep the repository under version control.
