Google Play Store

Name: Google Play Store
Author: ivangdavila

功能描述

Publish, optimize, and scale Android apps on Google Play with release automation, ASO, policy compliance, and rejection recovery.

使用说明 (SKILL.md)

Setup

On first use, read setup.md for integration guidelines.

When to Use

User needs to publish, manage, or optimize Android apps on Google Play. Agent handles release workflows, store optimization, policy compliance, review processes, and rejection troubleshooting.

Architecture

Memory lives in ~/google-play-store/. See memory-template.md for structure.

~/google-play-store/
├── memory.md         # Account, apps, preferences
├── apps/             # Per-app tracking
│   └── {package}/    # Package-specific notes
└── checklists/       # Saved submission checklists

Quick Reference

Topic	File
Setup process	`setup.md`
Memory template	`memory-template.md`
Release tracks and rollouts	`tracks.md`
App Store Optimization	`aso.md`
Policy compliance	`policies.md`
Rejection recovery	`rejections.md`
Automation with Fastlane	`fastlane.md`

Core Rules

1. Release Track Progression

Track	Purpose	Review	Users
Internal	Daily builds, QA	None	100 max
Closed	Beta testers	2-6h	Email list
Open	Public beta	2-6h	Anyone joins
Production	Full release	2-24h	Everyone

Mandatory progression for new apps:

Internal → Closed (20+ testers, 14+ days) → Production

Skip this = instant rejection. Start closed testing on day one.

2. Pre-Submission Checklist

Run before EVERY submission:

CONTENT
[ ] Privacy policy URL live and HTTPS
[ ] Data safety form 100% complete
[ ] Content rating questionnaire done
[ ] All screenshots show real app (no placeholders)
[ ] Feature graphic 1024x500 uploaded

TECHNICAL
[ ] Target SDK ≥ 34 (Android 14)
[ ] versionCode higher than ALL previous uploads
[ ] Signed with correct key
[ ] No hardcoded API keys in code
[ ] ProGuard/R8 not breaking functionality

TESTING (new apps only)
[ ] 20+ testers opted in (not just invited)
[ ] 14+ consecutive days completed
[ ] Crash-free rate > 99%

3. Version Code Strategy

versionCode must ALWAYS increase. Cannot reuse. Ever.

Pattern: YYYYMMDDHH
Example: 2025022514 (Feb 25, 2025, 2pm)

Why: Rejected uploads "burn" the versionCode.
     Multiple builds per day need unique codes.

4. App Signing Models

Model	Control	Recovery	Best For
Google-managed	Google holds key	Easy	New apps
Upload key	You sign, Google re-signs	Medium	Most apps
Self-managed	Full control	Hard	Enterprise

Recommendation: Google-managed for new apps. Upload key for updates.

Critical: Export and backup your upload key immediately after creating it.

5. Staged Rollout Protocol

Stage	%	Duration	Gate
Canary	1%	24-48h	Crashes \x3C 0.1%
Early	5%	48-72h	ANRs \x3C 0.5%
Mid	20%	72-96h	Ratings stable
Late	50%	96-120h	No regressions
Full	100%	—	All clear

Halt triggers: Crash spike, ANR spike, 1-star surge, critical bug reports.

6. ASO Essentials

Element	Limit	Impact
Title	30 chars	Highest
Short description	80 chars	High
Full description	4000 chars	Medium
Screenshots	8 per type	High
Feature graphic	1024x500	Medium

Keyword strategy:

Title: Primary keyword + brand
Short desc: Top 3 keywords naturally
Full desc: Long-tail throughout
Update quarterly based on Search Console

7. Response Time SLAs

Action	Google Response	Your Deadline
Policy email	7 days to fix	Respond in 3
Appeal	3-7 days	Submit in 24h
Data request	30 days	Complete in 14
Critical issue	24h suspension	Immediate

Rule: Never ignore policy emails. Silence = admission.

Common Traps

Publishing Traps

Skipped closed testing → Cannot release to production. 20 testers + 14 days mandatory for new apps.
Data safety incomplete → Instant rejection. Fill EVERY field even if "no data collected."
Screenshots with mockups → Rejection for misleading. Use real app screenshots only.
Privacy policy 404 → Rejection. Verify URL works before every submission.

Technical Traps

versionCode not incremented → Upload rejected. Even rejected uploads burn codes.
Target SDK too old → Rejection. Check current requirement before building.
Forgot upload key password → Cannot update app. Store password in password manager.
ProGuard broke app → Crashes after release. Always test release build.

Policy Traps

Undeclared permissions → Policy violation. Justify EVERY sensitive permission.
Background location without need → Rejection + strike. Remove or justify with video.
Kids content undeclared → Policy violation. If ANY appeal to children, declare it.
Deceptive ads → Suspension risk. Follow interstitial timing and close button rules.

Business Traps

No staged rollout → Bad update hits everyone. Always start at 1%.
Ignored policy email → Escalation to strike. Respond within 3 days.
Multiple accounts to evade → Termination. One violation becomes account death.

Security & Privacy

Data that stays local:

Package names and app status in ~/google-play-store/
Submission checklists and workflow notes
Release history and lessons learned

This skill stores ONLY non-sensitive metadata:

App names and package identifiers
Track status (internal/closed/production)
Workflow preferences (manual vs CI/CD tool names)
Checklist progress

This skill does NOT store and will refuse:

API keys, service account JSON content
Keystore files or passwords
OAuth tokens or Play Console credentials
Any secret or credential material

This skill does NOT:

Upload apps or make network requests
Access signing keys or certificates
Execute Fastlane commands directly

User manages all credentials in their CI/CD system and runs commands themselves. The Fastlane examples are documentation only.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

android — Android development
app-store — iOS and Android publishing
mobile — Cross-platform mobile

Feedback

If useful: clawhub star google-play-store
Stay updated: clawhub sync

安全使用建议

This skill is coherent with its stated purpose, but before installing: (1) confirm you’re comfortable with the agent creating ~/google-play-store/ and saving non-sensitive metadata there; (2) never paste service-account JSONs, keystore files, passwords, or other secrets into that memory — use CI secret stores or a password manager as the docs advise; (3) review the Fastlane lanes and CI scripts the agent may suggest before running them (they reference environment variables and secret decoding commands); (4) because the skill source is listed as unknown and it’s instruction-only, it cannot execute code on install but it can guide you to run commands — verify commands and CI config in a safe/dev account first. If the skill ever asks to store credentials in its memory or to send files to an external URL not documented in the Play/Fastlane flow, decline and review those requests.

功能分析

Type: OpenClaw Skill Name: google-play-store Version: 1.0.0 The OpenClaw AgentSkills skill bundle for 'google-play-store' is classified as benign. The `SKILL.md` explicitly states that the skill does NOT store credentials, make network requests, or execute Fastlane commands directly, clarifying that Fastlane examples in `fastlane.md` are for the user's CI/CD systems. The `memory-template.md` further reinforces that no sensitive data is stored locally. All instructions for the agent are focused on providing guidance and managing non-sensitive metadata related to Google Play Store processes, without any evidence of malicious prompt injection, data exfiltration, or unauthorized execution.

能力评估

✓ Purpose & Capability

Name/description (Google Play publishing, ASO, policy/rejection recovery) match the contents: many docs about tracks, Fastlane automation, policy forms, and checklists. The skill does not ask for unrelated binaries, cloud credentials, or system-wide access.

ℹ Instruction Scope

The SKILL.md and companion files instruct the agent to create and maintain a local memory directory (~/google-play-store/) and to ask the user onboarding questions — this is reasonable for a publishing assistant. The docs include concrete Fastlane examples and CI snippets that reference service-account JSONs and keystore secrets; these are standard for Play uploads but are external to the skill (the skill does not itself demand these secrets). The skill explicitly warns not to store credentials in memory, which is good practice, but users should ensure the agent follows that guidance.

✓ Install Mechanism

There is no install spec and no code files to execute — instruction-only. That minimizes on-disk code risk. The Fastlane/CI guidance references installing Fastlane via brew/gem, but the skill does not perform installs itself.

ℹ Credentials

The skill declares no required environment variables or credentials. Example workflows show needing a Play service account JSON and keystore secrets (typical and proportional for Play uploads). Because the skill will prompt about CI/keys during setup, users must avoid pasting raw credentials into the skill's memory and should keep secrets in CI secret stores or password managers as recommended.

✓ Persistence & Privilege

always:false and the skill stores data only under a dedicated ~/google-play-store/ folder per its docs. It does not request system-wide configuration changes or elevated privileges and does not modify other skills.

版本历史

v1.0.0

Initial release

元数据

Slug google-play-store

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题