# ios-security

Repository: matiastripode/ios-agent-skills
# Install this skill

```shell
npx skills add matiastripode/ios-agent-skills --skill "ios-security"
```

This installs the single `ios-security` skill from the multi-skill `ios-agent-skills` repository.

# Description

Reviews iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance including OWASP Mobile Top 10

# SKILL.md

---
name: ios-security
description: Reviews iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance including OWASP Mobile Top 10
---

## iOS Security

An agent skill for reviewing iOS/Swift code for security vulnerabilities, data protection issues, and privacy compliance.

## When to Activate

  • User asks for a security review of iOS code
  • User asks about secure storage, networking, or authentication
  • User runs /ios-security-check
  • Code involves: Keychain, UserDefaults with sensitive data, networking, authentication, file storage, or privacy-related APIs

## Decision Tree

```text
What area of code is being reviewed?
├── Data Storage
│   ├── Credentials, tokens, secrets → references/keychain-usage.md
│   ├── Files, databases, backups → references/data-protection.md
│   └── UserDefaults → Flag if storing sensitive data
├── Networking
│   ├── API calls, URLSession → references/network-security.md
│   ├── Hardcoded URLs, API keys → references/network-security.md
│   └── ATS configuration → references/network-security.md
├── Privacy
│   ├── Privacy manifest → references/privacy-manifest.md
│   ├── Tracking, analytics → references/privacy-manifest.md
│   └── Required reason APIs → references/privacy-manifest.md
└── General Security Audit
    └── Walk through references/owasp-mobile-top10.md
```

## Severity Levels

  • CRITICAL: Direct data exposure, hardcoded secrets, sensitive data stored without encryption (for example, tokens in UserDefaults or plain files)
  • HIGH: Missing certificate pinning on auth endpoints, weak Keychain configuration (for example, kSecAttrAccessibleAlways, or an accessibility class without ThisDeviceOnly so the item migrates with backups)
  • MEDIUM: Missing privacy manifest entries, ATS exceptions without justification
  • LOW: Debug logging of sensitive data, clipboard exposure

## Output Format

```markdown
### [SEVERITY] Finding Title
- **Category:** Storage / Networking / Privacy / Authentication
- **File:** path/to/file.swift:line
- **Risk:** What could go wrong
- **Fix:** How to remediate
- **Reference:** Which reference doc
```
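As an added example (not code from the skill or its author), the Python script below mechanises the three steps above: it applies a handful of regex rules that mirror the decision-tree branches and the severity rubric to a constructed sample project, adds the project-level privacy-manifest check, and renders each finding in the Output Format. The rule patterns, the sample files, the finding titles and the risk/fix wording are all assumptions made for illustration; only branches a line-level heuristic can see are covered (UserDefaults misuse, hardcoded literals, weak Keychain accessibility, a global ATS opt-out, debug logging, clipboard writes), so certificate pinning and the OWASP walkthrough still need manual review.

```python
"""Heuristic triage: the decision tree, severity rubric and Output Format above, applied by regex."""
import re
from dataclasses import dataclass

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
SENSITIVE = r"(?i:token|password|secret|credential|api_?key)"  # identifier heuristic (assumption)

@dataclass(frozen=True)
class Finding:
    severity: str
    title: str
    category: str
    file: str
    line: int
    risk: str
    fix: str
    reference: str

    def render(self) -> str:  # one finding in the skill's documented Output Format
        return (f"### [{self.severity}] {self.title}\n- **Category:** {self.category}\n"
                f"- **File:** {self.file}:{self.line}\n- **Risk:** {self.risk}\n"
                f"- **Fix:** {self.fix}\n- **Reference:** {self.reference}")

# Line-level rules: (regex, severity, title, category, risk, fix, reference doc). Illustrative only.
RULES = [
    (re.compile(r"UserDefaults\.\w+\.set\([^\n]*?" + SENSITIVE), "CRITICAL",
     "Sensitive value written to UserDefaults", "Storage",
     "UserDefaults is a plaintext plist, included in backups and readable on a jailbroken device",
     "Store it in the Keychain with a ThisDeviceOnly accessibility class", "references/keychain-usage.md"),
    (re.compile(SENSITIVE + r'\w*\s*=\s*"[^"\n]{8,}"'), "CRITICAL", "Hardcoded secret in source", "Networking",
     "String literals are recovered from the shipped binary with strings(1) or a class dump",
     "Obtain the credential at runtime, keep it in the Keychain, rotate the exposed value",
     "references/network-security.md"),
    (re.compile(r"kSecAttrAccessibleAlways"), "HIGH", "Weak Keychain accessibility class", "Storage",
     "Item is readable while the device is locked and, without ThisDeviceOnly, migrates via backup",
     "Use kSecAttrAccessibleWhenUnlockedThisDeviceOnly (AfterFirstUnlockThisDeviceOnly for background work)",
     "references/keychain-usage.md"),
    (re.compile(r"<key>NSAllowsArbitraryLoads</key>\s*<true\s*/>"), "MEDIUM", "ATS disabled globally", "Networking",
     "Any connection may fall back to cleartext HTTP or weak TLS and be intercepted on hostile networks",
     "Remove NSAllowsArbitraryLoads; scope exceptions to named hosts under NSExceptionDomains, with a justification",
     "references/network-security.md"),
    (re.compile(r"\b(?:print|NSLog|os_log)\([^\n]*?" + SENSITIVE), "LOW",
     "Sensitive data written to debug log", "Storage",
     "Unified log output is readable with device access or from a sysdiagnose",
     "Log an identifier or redacted form; never interpolate the secret", "references/data-protection.md"),
    (re.compile(r"UIPasteboard\.general\.(?:string|strings|items)\s*="), "LOW",
     "Secret copied to the system clipboard", "Storage",
     "The general pasteboard is shared with every app and synced across the user's devices",
     "Use setItems(_:options:) with localOnly and expirationDate, or a named pasteboard", "references/data-protection.md"),
]
# UserDefaults is one of Apple's required reason API categories (NSPrivacyAccessedAPICategoryUserDefaults).
REQUIRED_REASON_API = re.compile(r"\bUserDefaults\b")

def line_of(text: str, pos: int) -> int:
    return text.count("\n", 0, pos) + 1

def review(files: dict[str, str]) -> list[Finding]:
    # Every rule over every file, then the project-level privacy manifest check, sorted by severity.
    findings = [Finding(sev, title, cat, path, line_of(text, m.start()), risk, fix, ref)
                for path, text in files.items()
                for rx, sev, title, cat, risk, fix, ref in RULES
                for m in rx.finditer(text)]
    if not any(p.endswith("PrivacyInfo.xcprivacy") for p in files):
        for path, text in files.items():
            if m := REQUIRED_REASON_API.search(text):
                findings.append(Finding(
                    "MEDIUM", "Required reason API used without a privacy manifest", "Privacy",
                    path, line_of(text, m.start()),
                    "App Store Connect rejects binaries that call required reason APIs with no NSPrivacyAccessedAPITypes entry",
                    "Add PrivacyInfo.xcprivacy declaring NSPrivacyAccessedAPICategoryUserDefaults with an approved reason (e.g. CA92.1)",
                    "references/privacy-manifest.md"))
                break  # one project-level finding is enough
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.file, f.line))

def render_report(findings: list[Finding]) -> str:
    return "\n\n".join(f.render() for f in findings)

# Constructed sample project (not real code): an insecure service plus an ATS-disabled Info.plist.
SAMPLE_PROJECT = {
    "Sources/AuthService.swift": r"""import Foundation
final class AuthService {
    let apiKey = "sk_live_0123456789abcdef"  // constructed placeholder value
    func save(token: String) {
        UserDefaults.standard.set(token, forKey: "authToken")
        print("saved token \(token)")
        UIPasteboard.general.string = token
    }
    func storeLegacy(_ data: Data) {
        let query: [String: Any] = [kSecClass as String: kSecClassGenericPassword, kSecValueData as String: data,
                                    kSecAttrAccessible as String: kSecAttrAccessibleAlways]
        SecItemAdd(query as CFDictionary, nil)
    }
}
""",
    "Info.plist": "<dict><key>NSAppTransportSecurity</key><dict>\n  <key>NSAllowsArbitraryLoads</key>\n  <true/>\n</dict></dict>\n",
}

if __name__ == "__main__":
    print(render_report(review(SAMPLE_PROJECT)))
```

Running the script prints seven findings for the sample, ordered CRITICAL to LOW with `File:` pointing at the offending line; adding a `PrivacyInfo.xcprivacy` entry to the file map suppresses the Privacy finding. Because the rules are plain regexes, a real review should treat their output as candidates to confirm by reading the code, not as verdicts.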

## Reference Documents

  • references/keychain-usage.md - Secure storage with Keychain
  • references/network-security.md - ATS, certificate pinning, API keys
  • references/data-protection.md - File encryption, backups, clipboard
  • references/privacy-manifest.md - iOS 17+ privacy requirements
  • references/owasp-mobile-top10.md - OWASP Mobile Top 10 for iOS

# Supported AI Coding Agents

This skill follows the SKILL.md standard and works with any AI coding agent that supports it.