{ "schemaVersion": "1.0", "item": { "slug": "auditing-appstore-readiness", "name": "Audit App Store Readiness", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/tristanmanchester/auditing-appstore-readiness", "canonicalUrl": "https://clawhub.ai/tristanmanchester/auditing-appstore-readiness", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/auditing-appstore-readiness", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=auditing-appstore-readiness", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "scripts/audit.mjs", "references/react-native.md", "references/native-ios.md", "references/report-template.md", "references/expo.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/auditing-appstore-readiness" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/auditing-appstore-readiness", "agentPageUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent", "manifestUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent.json", "briefUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "App Store Readiness Audit", "body": "This skill reviews an app repository and produces a release readiness report for iOS App Store / TestFlight submission.\n\nIt supports:\n\nNative iOS (Swift/Obj‑C, Xcode project/workspace)\nReact Native (bare)\nExpo (managed or prebuild)" }, { "title": "Quick start (recommended)", "body": "Run the read‑only audit script from the repo root:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo . --format md\" }\n\nIf you want JSON output as well:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo . --format md --json audit.json\" }\n\nIf the repo is a monorepo, point at the app directory:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo apps/mobile --format md\" }" }, { "title": "Output contract", "body": "Always return:\n\nOverall verdict: PASS / WARN / FAIL\nDetected project flavour and key identifiers (bundle id, version, build)\nA list of checks with evidence and remediation steps\nA Publish checklist the developer can tick off\n\nUse: references/report-template.md" }, { "title": "Safety rules (don’t break the repo)", "body": "Default to read‑only commands. Do not run commands that modify the workspace unless:\n\nthe user explicitly asks, or\nthe fix is trivial and clearly desired (then explain what will change first)\n\nExamples of mutating commands:\n\ndependency installs (npm i, yarn, pnpm i, pod install)\nconfig generation (expo prebuild)\nsigning automation (fastlane match)\narchiving (xcodebuild archive, eas build) — creates artefacts and may require signing\n\nIf you must run a mutating command, label it clearly as MUTATING before running." }, { "title": "1) Identify the repo and project flavour", "body": "Prefer scripted detection (audit.mjs). If doing manually:\n\nExpo likely: package.json contains expo and app.json / app.config.* exists\nReact Native (bare): package.json contains react-native and ios/ exists\nNative iOS: *.xcodeproj or *.xcworkspace exists\n\nIf multiple apps exist, pick the one matching the user’s intent; otherwise pick the directory with:\n\na single ios//Info.plist, and\nexactly one .xcodeproj or .xcworkspace near the root." }, { "title": "2) Run static compliance checks (works everywhere)", "body": "Run these checks even without Xcode:\n\nRepo hygiene: clean git status; obvious secrets not committed\niOS identifiers: bundle id, version, build number\nApp icons: includes an App Store (1024×1024) icon\nLaunch screen present\nPrivacy & permissions:\n\nPrivacy manifest present (PrivacyInfo.xcprivacy) or explicitly accounted for\nPermission usage strings present when relevant (camera, location, tracking, etc.)\nAvoid broad ATS exemptions (NSAllowsArbitraryLoads)\n\n\nThird‑party SDK hygiene: licences, privacy manifests, tracking disclosures\nStore listing basics: privacy policy URL exists somewhere in repo/docs; support/contact info\n\nThe script outputs PASS/WARN/FAIL for these." }, { "title": "3) Run build‑accuracy checks (macOS + Xcode, optional but high confidence)", "body": "Only if you have Xcode available (local macOS gateway or a paired macOS node).\n\nRecommended sequence (creates build artefacts):\n\nShow Xcode + SDK versions:\n{ \"tool\": \"exec\", \"command\": \"xcodebuild -version\" }\n\n\nList schemes (project/workspace as detected):\n{ \"tool\": \"exec\", \"command\": \"xcodebuild -list -json -workspace .xcworkspace\" }\nor\n{ \"tool\": \"exec\", \"command\": \"xcodebuild -list -json -project .xcodeproj\" }\n\n\nRelease build for simulator (fast, avoids signing):\n{ \"tool\": \"exec\", \"command\": \"xcodebuild -workspace <...> -scheme <...> -configuration Release -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' build\" }\n\n\nIf you need a distribution artefact (MUTATING / signing):\n\nPrefer Fastlane if already configured\nOtherwise xcodebuild archive + xcodebuild -exportArchive\n\nIf build checks aren’t possible, the report must explicitly say so and keep the verdict at WARN (unless there are definite FAIL items)." }, { "title": "4) Produce the final readiness report", "body": "Use references/report-template.md\nInclude a “Go / No‑Go” recommendation:\n\nFAIL → must fix before submitting\nWARN → submission may work, but risk areas remain\nPASS → ready to submit; remaining items are administrative" }, { "title": "Manual checks the agent cannot fully verify", "body": "Always include these as a final checklist section (even if automated checks pass):\n\nApp Store Connect metadata: screenshots, description, keywords, age rating, pricing, categories\nPrivacy Nutrition Labels match actual behaviour\nExport compliance (encryption) answers are correct\nContent/IP rights: licences, third‑party assets, trademarks\nAccount / regional requirements (e.g. EU trader status if applicable)\nIn‑app purchases / subscriptions configured if used\n\nSee: references/manual-checklist.md" }, { "title": "When the user asks “make it compliant”", "body": "Switch to fix mode:\n\nIdentify failing items that can be fixed safely in‑repo (Info.plist strings, PrivacyInfo.xcprivacy template, ATS exceptions tightening, etc.)\nPropose minimal patches and apply with apply_patch\nRe‑run audit.mjs and update the report" }, { "title": "Quick search", "body": "Permissions mapping: references/permissions-map.md\nExpo‑specific checks: references/expo.md\nReact Native iOS checks: references/react-native.md\nNative iOS checks: references/native-ios.md" } ], "body": "App Store Readiness Audit\n\nThis skill reviews an app repository and produces a release readiness report for iOS App Store / TestFlight submission.\n\nIt supports:\n\nNative iOS (Swift/Obj‑C, Xcode project/workspace)\nReact Native (bare)\nExpo (managed or prebuild)\nQuick start (recommended)\n\nRun the read‑only audit script from the repo root:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo . --format md\" }\n\nIf you want JSON output as well:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo . --format md --json audit.json\" }\n\nIf the repo is a monorepo, point at the app directory:\n\n{ \"tool\": \"exec\", \"command\": \"node {baseDir}/scripts/audit.mjs --repo apps/mobile --format md\" }\n\nOutput contract\n\nAlways return:\n\nOverall verdict: PASS / WARN / FAIL\nDetected project flavour and key identifiers (bundle id, version, build)\nA list of checks with evidence and remediation steps\nA Publish checklist the developer can tick off\n\nUse: references/report-template.md\n\nSafety rules (don’t break the repo)\n\nDefault to read‑only commands. Do not run commands that modify the workspace unless:\n\nthe user explicitly asks, or\nthe fix is trivial and clearly desired (then explain what will change first)\n\nExamples of mutating commands:\n\ndependency installs (npm i, yarn, pnpm i, pod install)\nconfig generation (expo prebuild)\nsigning automation (fastlane match)\narchiving (xcodebuild archive, eas build) — creates artefacts and may require signing\n\nIf you must run a mutating command, label it clearly as MUTATING before running.\n\nMain workflow\n1) Identify the repo and project flavour\n\nPrefer scripted detection (audit.mjs). If doing manually:\n\nExpo likely: package.json contains expo and app.json / app.config.* exists\nReact Native (bare): package.json contains react-native and ios/ exists\nNative iOS: *.xcodeproj or *.xcworkspace exists\n\nIf multiple apps exist, pick the one matching the user’s intent; otherwise pick the directory with:\n\na single ios//Info.plist, and\nexactly one .xcodeproj or .xcworkspace near the root.\n2) Run static compliance checks (works everywhere)\n\nRun these checks even without Xcode:\n\nRepo hygiene: clean git status; obvious secrets not committed\niOS identifiers: bundle id, version, build number\nApp icons: includes an App Store (1024×1024) icon\nLaunch screen present\nPrivacy & permissions:\nPrivacy manifest present (PrivacyInfo.xcprivacy) or explicitly accounted for\nPermission usage strings present when relevant (camera, location, tracking, etc.)\nAvoid broad ATS exemptions (NSAllowsArbitraryLoads)\nThird‑party SDK hygiene: licences, privacy manifests, tracking disclosures\nStore listing basics: privacy policy URL exists somewhere in repo/docs; support/contact info\n\nThe script outputs PASS/WARN/FAIL for these.\n\n3) Run build‑accuracy checks (macOS + Xcode, optional but high confidence)\n\nOnly if you have Xcode available (local macOS gateway or a paired macOS node).\n\nRecommended sequence (creates build artefacts):\n\nShow Xcode + SDK versions: { \"tool\": \"exec\", \"command\": \"xcodebuild -version\" }\n\nList schemes (project/workspace as detected): { \"tool\": \"exec\", \"command\": \"xcodebuild -list -json -workspace .xcworkspace\" } or { \"tool\": \"exec\", \"command\": \"xcodebuild -list -json -project .xcodeproj\" }\n\nRelease build for simulator (fast, avoids signing): { \"tool\": \"exec\", \"command\": \"xcodebuild -workspace <...> -scheme <...> -configuration Release -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' build\" }\n\nIf you need a distribution artefact (MUTATING / signing):\n\nPrefer Fastlane if already configured\nOtherwise xcodebuild archive + xcodebuild -exportArchive\n\nIf build checks aren’t possible, the report must explicitly say so and keep the verdict at WARN (unless there are definite FAIL items).\n\n4) Produce the final readiness report\nUse references/report-template.md\nInclude a “Go / No‑Go” recommendation:\nFAIL → must fix before submitting\nWARN → submission may work, but risk areas remain\nPASS → ready to submit; remaining items are administrative\nManual checks the agent cannot fully verify\n\nAlways include these as a final checklist section (even if automated checks pass):\n\nApp Store Connect metadata: screenshots, description, keywords, age rating, pricing, categories\nPrivacy Nutrition Labels match actual behaviour\nExport compliance (encryption) answers are correct\nContent/IP rights: licences, third‑party assets, trademarks\nAccount / regional requirements (e.g. EU trader status if applicable)\nIn‑app purchases / subscriptions configured if used\n\nSee: references/manual-checklist.md\n\nWhen the user asks “make it compliant”\n\nSwitch to fix mode:\n\nIdentify failing items that can be fixed safely in‑repo (Info.plist strings, PrivacyInfo.xcprivacy template, ATS exceptions tightening, etc.)\nPropose minimal patches and apply with apply_patch\nRe‑run audit.mjs and update the report\nQuick search\nPermissions mapping: references/permissions-map.md\nExpo‑specific checks: references/expo.md\nReact Native iOS checks: references/react-native.md\nNative iOS checks: references/native-ios.md" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/tristanmanchester/auditing-appstore-readiness", "publisherUrl": "https://clawhub.ai/tristanmanchester/auditing-appstore-readiness", "owner": "tristanmanchester", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness", "downloadUrl": "https://openagent3.xyz/downloads/auditing-appstore-readiness", "agentUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent", "manifestUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent.json", "briefUrl": "https://openagent3.xyz/skills/auditing-appstore-readiness/agent.md" } }