asc-build-lifecycle
Warn
Audited by Socket on Jun 14, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill is mostly aligned with its stated App Store Connect build-management purpose, but it carries meaningful risk because it uses an unofficial CLI that receives Apple credentials and can publish or expire builds. This is better classified as suspicious/high-vulnerability than malicious: coherent purpose, no obvious hidden exfiltration, but third-party credential handling and autonomous release actions are significant.
Confidence: 100%Severity: 60%
Audit Metadata