App Store Optimization toolkit for researching keywords, optimizing metadata, and tracking mobile app performance on Apple App Store and Google Play Store.
Security Analysis
medium confidenceThe package and runtime instructions are internally consistent with an App Store Optimization toolkit — the included Python modules match the described capabilities and no unexplained credentials, installs, or system-wide privileges are requested — but you should review the Python scripts before running them because running arbitrary code carries risk.
The skill name/description (ASO) align with the contents: keyword/metadata/competitor/review/A-B test workflows and eight Python modules that implement those features. Required env vars, binaries, and config paths are appropriately empty for a local analysis toolkit.
SKILL.md and HOW_TO_USE.md instruct the agent to run the included analyzer/optimizer scripts and to provide app metadata and review text. The instructions do not ask the agent to read unrelated system files, request unrelated credentials, or exfiltrate data to unknown endpoints. They do instruct users how to copy the skill into their ~/.claude/skills directory (i.e., place files on disk) which is expected for a local skill.
There is no automated install spec (lowest installer risk), but the package includes multiple Python scripts and no requirements.txt or dependency list. Running these modules will execute arbitrary Python code on the host — review for network calls, filesystem writes, or subprocess usage before running. The README's manual copy-to-folder approach means the code will be placed and possibly executed locally by the agent.
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for an ASO research/analysis toolkit. Note: some realistic ASO workflows rely on external APIs or scraping; if the scripts later prompt for API keys (e.g., App Store Connect, Google Play, or third-party ASO services), those keys should be requested explicitly before use.
always:false and no claims of modifying other skills or system-wide settings. The skill requires copying files to the user's skill folder to be available but does not request elevated or permanent platform privileges in the metadata.
Guidance
This skill looks coherent for ASO work, but treat the included Python scripts as untrusted code until you inspect them. Before installing or running: 1) Open the scripts (keyword_analyzer.py, competitor_analyzer.py, etc.) and search for outbound network calls (requests, urllib, aiohttp), hardcoded endpoints, IP addresses, or embedded tokens; 2) Search for dangerous operations (subprocess/exec/os.system/open/write to sensitive paths); 3) If network access is needed, verify which endpoints are contacted and whether you must supply API keys — those should be asked for explicitly, not silently read from your environment; 4) Run the code in an isolated environment (container or VM) and with limited network access if possible; 5) Prefer a requirements.txt or explicit dependency list and examine third-party libraries; 6) Check the author/source reputation (source is unknown here) and consider running automated static scans. If you want, paste the contents of the main Python files or list their import/HTTP patterns and I can point out any suspicious code or endpoints.
Latest Release
v1.0.0
- Initial release of the App Store Optimization (ASO) toolkit. - Provides workflows for keyword research, metadata optimization, competitor analysis, and app launch. - Includes best practices, validation steps, evaluation criteria, and platform requirements for Apple App Store and Google Play Store. - Supports triggers for app ranking, visibility, marketing, and conversion rate improvement.
More by @alirezarezvani
Published by @alirezarezvani on ClawHub
