← 返回 Skills 市场
tristanmanchester

Audit App Store Readiness

作者 Tristan Manchester · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1961
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install auditing-appstore-readiness
功能描述
Audit an iOS app repo (Swift/Xcode or React Native/Expo) for App Store compliance and release readiness; output a pass/warn/fail report and publish checklist.
使用说明 (SKILL.md)

App Store Readiness Audit

This skill reviews an app repository and produces a release readiness report for iOS App Store / TestFlight submission.

It supports:

  • Native iOS (Swift/Obj‑C, Xcode project/workspace)
  • React Native (bare)
  • Expo (managed or prebuild)

Quick start (recommended)

Run the read‑only audit script from the repo root:

{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo . --format md" }

If you want JSON output as well:

{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo . --format md --json audit.json" }

If the repo is a monorepo, point at the app directory:

{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo apps/mobile --format md" }

Output contract

Always return:

  • Overall verdict: PASS / WARN / FAIL
  • Detected project flavour and key identifiers (bundle id, version, build)
  • A list of checks with evidence and remediation steps
  • A Publish checklist the developer can tick off

Use: references/report-template.md

Safety rules (don’t break the repo)

Default to read‑only commands. Do not run commands that modify the workspace unless:

  • the user explicitly asks, or
  • the fix is trivial and clearly desired (then explain what will change first)

Examples of mutating commands:

  • dependency installs (npm i, yarn, pnpm i, pod install)
  • config generation (expo prebuild)
  • signing automation (fastlane match)
  • archiving (xcodebuild archive, eas build) — creates artefacts and may require signing

If you must run a mutating command, label it clearly as MUTATING before running.

Main workflow

1) Identify the repo and project flavour

Prefer scripted detection (audit.mjs). If doing manually:

  • Expo likely: package.json contains expo and app.json / app.config.* exists
  • React Native (bare): package.json contains react-native and ios/ exists
  • Native iOS: *.xcodeproj or *.xcworkspace exists

If multiple apps exist, pick the one matching the user’s intent; otherwise pick the directory with:

  • a single ios/\x3CAppName>/Info.plist, and
  • exactly one .xcodeproj or .xcworkspace near the root.

2) Run static compliance checks (works everywhere)

Run these checks even without Xcode:

  • Repo hygiene: clean git status; obvious secrets not committed
  • iOS identifiers: bundle id, version, build number
  • App icons: includes an App Store (1024×1024) icon
  • Launch screen present
  • Privacy & permissions:
    • Privacy manifest present (PrivacyInfo.xcprivacy) or explicitly accounted for
    • Permission usage strings present when relevant (camera, location, tracking, etc.)
    • Avoid broad ATS exemptions (NSAllowsArbitraryLoads)
  • Third‑party SDK hygiene: licences, privacy manifests, tracking disclosures
  • Store listing basics: privacy policy URL exists somewhere in repo/docs; support/contact info

The script outputs PASS/WARN/FAIL for these.

3) Run build‑accuracy checks (macOS + Xcode, optional but high confidence)

Only if you have Xcode available (local macOS gateway or a paired macOS node).

Recommended sequence (creates build artefacts):

  1. Show Xcode + SDK versions: { "tool": "exec", "command": "xcodebuild -version" }

  2. List schemes (project/workspace as detected): { "tool": "exec", "command": "xcodebuild -list -json -workspace \x3Cpath>.xcworkspace" } or { "tool": "exec", "command": "xcodebuild -list -json -project \x3Cpath>.xcodeproj" }

  3. Release build for simulator (fast, avoids signing): { "tool": "exec", "command": "xcodebuild -workspace \x3C...> -scheme \x3C...> -configuration Release -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' build" }

  4. If you need a distribution artefact (MUTATING / signing):

  • Prefer Fastlane if already configured
  • Otherwise xcodebuild archive + xcodebuild -exportArchive

If build checks aren’t possible, the report must explicitly say so and keep the verdict at WARN (unless there are definite FAIL items).

4) Produce the final readiness report

  • Use references/report-template.md
  • Include a “Go / No‑Go” recommendation:
    • FAIL → must fix before submitting
    • WARN → submission may work, but risk areas remain
    • PASS → ready to submit; remaining items are administrative

Manual checks the agent cannot fully verify

Always include these as a final checklist section (even if automated checks pass):

  • App Store Connect metadata: screenshots, description, keywords, age rating, pricing, categories
  • Privacy Nutrition Labels match actual behaviour
  • Export compliance (encryption) answers are correct
  • Content/IP rights: licences, third‑party assets, trademarks
  • Account / regional requirements (e.g. EU trader status if applicable)
  • In‑app purchases / subscriptions configured if used

See: references/manual-checklist.md

When the user asks “make it compliant”

Switch to fix mode:

  1. Identify failing items that can be fixed safely in‑repo (Info.plist strings, PrivacyInfo.xcprivacy template, ATS exceptions tightening, etc.)
  2. Propose minimal patches and apply with apply_patch
  3. Re‑run audit.mjs and update the report

Quick search

安全使用建议
This skill is coherent and appears to do what it says: static auditing of iOS/React Native/Expo repos with optional build checks. A few practical points before you run it: (1) By default it is read-only, but it can run mutating commands (npm/pod installs, xcodebuild archive, expo prebuild) and apply patches if you ask—review any proposed patches before applying. (2) Build-accuracy checks require macOS/Xcode; on non-mac machines the tool will fall back to static checks and mark build status as WARN. (3) The script reads repository files (including any committed secrets); do not run it on repos containing sensitive credentials you don't want inspected. (4) The tool executes local binaries (git, plutil, python, xcodebuild) — their presence affects behavior. (5) SKILL.md does not include any network endpoints; however, if you run the audit inside an agent with external network access, the generated report could be transmitted by the agent itself — ensure your agent's policies around data transmission are acceptable. If you want higher assurance, inspect the proposed patches and run the script in a sandbox or CI environment first.
功能分析
Type: OpenClaw Skill Name: auditing-appstore-readiness Version: 1.0.0 The skill bundle is classified as suspicious due to the presence of high-risk execution capabilities, even though the stated intent appears benign. The `SKILL.md` instructs the AI agent to execute `xcodebuild build` commands, which compile and link code from the repository, creating artifacts. While this is for a simulator and part of an 'audit', it represents a significant code execution capability. Additionally, the `scripts/audit.mjs` file defines a `runShell` function that uses the platform shell (`/bin/bash -lc` or `cmd.exe /c`), allowing arbitrary shell command execution; although this function is not called within `audit.mjs`, its presence indicates a high-risk capability. The script does include a positive security feature by actively scanning for potential secrets (e.g., `.p12`, `.env`, SSH keys) within the repository, which is a mitigating factor against malicious intent but does not negate the risky capabilities.
能力评估
Purpose & Capability
Name/description (iOS/App Store readiness) align with the included files and runtime requirements. The skill only requires git and contains a Node script and supporting reference docs that perform static repo inspection, plist parsing, and optional Xcode build checks—all appropriate for an audit tool.
Instruction Scope
SKILL.md instructs the agent to run the bundled audit.mjs script and to prefer read-only checks. It explicitly marks mutating operations (dependency installs, expo prebuild, signing, xcodebuild archive) as MUTATING and states they should only run with explicit user consent. The instructions reference only repo files and local developer tools; they do not direct data to any external network endpoint.
Install Mechanism
No install spec is provided (instruction + bundled script only). That is low-risk: nothing is downloaded or extracted at install time and the only runtime dependency is Node (for running the script) and git which are reasonable for this task.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It does use local tools if present (plutil, python, xcodebuild) for higher-confidence parsing/build checks, which is proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills. It does describe a 'fix mode' that proposes and applies patches (via an agent action like apply_patch) — this is normal for a repo-editing helper but should only be used when the user explicitly requests changes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install auditing-appstore-readiness
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /auditing-appstore-readiness 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of auditing-appstore-readiness. - Audits iOS app repositories (Swift/Xcode, React Native, Expo) for App Store/TestFlight compliance. - Outputs a structured PASS/WARN/FAIL report with evidence, remediation steps, and a publish checklist. - Implements static compliance checks and optional build-accuracy checks if Xcode is available. - Follows strict safety rules: defaults to read-only actions and clearly labels any changes. - Includes manual review checklist items for areas automation cannot fully verify.
元数据
Slug auditing-appstore-readiness
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Audit App Store Readiness 是什么?

Audit an iOS app repo (Swift/Xcode or React Native/Expo) for App Store compliance and release readiness; output a pass/warn/fail report and publish checklist. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1961 次。

如何安装 Audit App Store Readiness?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install auditing-appstore-readiness」即可一键安装,无需额外配置。

Audit App Store Readiness 是免费的吗?

是的,Audit App Store Readiness 完全免费(开源免费),可自由下载、安装和使用。

Audit App Store Readiness 支持哪些平台?

Audit App Store Readiness 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Audit App Store Readiness?

由 Tristan Manchester(@tristanmanchester)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论