asc-build-lifecycle

Warn

Audited by Socket on Jun 14, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is mostly aligned with its stated App Store Connect build-management purpose, but it carries meaningful risk because it uses an unofficial CLI that receives Apple credentials and can publish or expire builds. This is better classified as suspicious/high-vulnerability than malicious: coherent purpose, no obvious hidden exfiltration, but third-party credential handling and autonomous release actions are significant.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 14, 2026, 08:51 AM
Package URL
pkg:socket/skills-sh/ehmo%2Fapp-store-connect-cli-skills%2Fasc-build-lifecycle%2F@292b167682e4c3630802426817cf22951355a45cccfd37dd9e400f7d22240a46
Security Audit — socket — asc-build-lifecycle