Connexion
matiastripode

ios-security

by @matiastripode in Development
0
0
# Install this skill:
npx skills add matiastripode/ios-agent-skills --skill "ios-security"

Install specific skill from multi-skill repository

# Description

Reviews iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance including OWASP Mobile Top 10

# SKILL.md

name: ios-security
description: Reviews iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance including OWASP Mobile Top 10

iOS Security

An agent skill for reviewing iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance.

When to Activate

  • User asks for a security review of iOS code
  • User asks about secure storage, networking, or authentication
  • User runs /ios-security-check
  • Code involves: Keychain, UserDefaults with sensitive data, networking, authentication, file storage, or privacy-related APIs

Decision Tree

What area of code is being reviewed?
├── Data Storage
│   ├── Credentials, tokens, secrets → references/keychain-usage.md
│   ├── Files, databases, backups → references/data-protection.md
│   └── UserDefaults → Flag if storing sensitive data
├── Networking
│   ├── API calls, URLSession → references/network-security.md
│   ├── Hardcoded URLs, API keys → references/network-security.md
│   └── ATS configuration → references/network-security.md
├── Privacy
│   ├── Privacy manifest → references/privacy-manifest.md
│   ├── Tracking, analytics → references/privacy-manifest.md
│   └── Required reason APIs → references/privacy-manifest.md
└── General Security Audit
    └── Walk through references/owasp-mobile-top10.md

Severity Levels

  • CRITICAL: Direct data exposure, hardcoded secrets, no encryption on sensitive data
  • HIGH: Missing certificate pinning on auth endpoints, weak Keychain configuration
  • MEDIUM: Missing privacy manifest entries, ATS exceptions without justification
  • LOW: Debug logging of sensitive data, clipboard exposure

Output Format

### [SEVERITY] Finding Title
- **Category:** Storage / Networking / Privacy / Authentication
- **File:** path/to/file.swift:line
- **Risk:** What could go wrong
- **Fix:** How to remediate
- **Reference:** Which reference doc

Reference Documents

  • references/keychain-usage.md - Secure storage with Keychain
  • references/network-security.md - ATS, certificate pinning, API keys
  • references/data-protection.md - File encryption, backups, clipboard
  • references/privacy-manifest.md - iOS 17+ privacy requirements
  • references/owasp-mobile-top10.md - OWASP Mobile Top 10 for iOS

# Related Skills

facebook
feature-flags @facebook

Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging...

★ 242,571
facebook
fix @facebook

Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.

★ 242,571
facebook
flags @facebook

Use when you need to check feature flag states, compare channels, or debug why a feature behaves...

★ 242,571

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

Amp 🚀 Antigravity 🤖 Claude Code 🦀 Clawdbot 📝 Codex ▶️ Cursor 🤖 Droid 💎 Gemini CLI 🐙 GitHub Copilot 🪿 Goose 📊 Kilo Code 🔧 Kiro CLI 💻 OpenCode 🦘 Roo Code 🌲 Trae 🏄 Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.