apple-developer-apis

Facilitates integration with Apple Developer APIs for managing apps, subscriptions, and authentication using JWT.

Security score: 52/100

The apple-developer-apis skill was audited on Feb 9, 2026 and we found 20 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium line 148

Template literal with variable interpolation in command context

Source: SKILL.md
148: 'Authorization': `Bearer ${jwt}`,
low line 144

Fetch to external URL

Source: SKILL.md
144: const response = await fetch(
low line 385

Fetch to external URL

Source: SKILL.md
385: const response = await fetch('https://appleid.apple.com/auth/token', {
low line 437

Fetch to external URL

Source: SKILL.md
437: await fetch('https://appleid.apple.com/auth/revoke', {
medium line 8

Webhook reference - potential data exfiltration

Source: SKILL.md
8: webhooks, (3) Creating JWT tokens for Apple API authentication, (4) Managing TestFlight
medium line 23

Webhook reference - potential data exfiltration

Source: SKILL.md
23: - **App Store Server Notifications**: Receive webhook events for subscription lifecycle
medium line 248

Webhook reference - potential data exfiltration

Source: SKILL.md
248: Webhooks for subscription lifecycle events.
medium line 305

Webhook reference - potential data exfiltration

Source: SKILL.md
305: ### Webhook Handler (Node.js)
medium line 525

Webhook reference - potential data exfiltration

Source: SKILL.md
525: 4. **Implement webhook verification** - Validate all incoming notifications
medium line 557

Webhook reference - potential data exfiltration

Source: SKILL.md
557: - See `references/server-notifications.md` - Webhook event structures
low line 106

External URL reference

Source: SKILL.md
106: **Base URL:** `https://api.appstoreconnect.apple.com/v1`
low line 145

External URL reference

Source: SKILL.md
145: 'https://api.appstoreconnect.apple.com/v1/apps?fields[apps]=name,bundleId&limit=10',
low line 161

External URL reference

Source: SKILL.md
161: **Base URL (Production):** `https://api.storekit.itunes.apple.com`
low line 162

External URL reference

Source: SKILL.md
162: **Base URL (Sandbox):** `https://api.storekit-sandbox.itunes.apple.com`
low line 340

External URL reference

Source: SKILL.md
340: **Base URL:** `https://appleid.apple.com`
low line 365

External URL reference

Source: SKILL.md
365: audience: 'https://appleid.apple.com',
low line 385

External URL reference

Source: SKILL.md
385: const response = await fetch('https://appleid.apple.com/auth/token', {
low line 412

External URL reference

Source: SKILL.md
412: const client = jwksClient({ jwksUri: 'https://appleid.apple.com/auth/keys' });
low line 420

External URL reference

Source: SKILL.md
420: issuer: 'https://appleid.apple.com',
low line 437

External URL reference

Source: SKILL.md
437: await fetch('https://appleid.apple.com/auth/revoke', {
Scanned on Feb 9, 2026