install
source · Clone the upstream repo
git clone https://github.com/gygantskiyMatilyock/ios-developer-agents
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/gygantskiyMatilyock/ios-developer-agents "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/ios-security-auditor" ~/.claude/skills/gygantskiymatilyock-ios-developer-agents-ios-security-auditor && rm -rf "$T"
manifest:
.claude/skills/ios-security-auditor/SKILL.md
source content
iOS Security Auditor
Use this skill to perform comprehensive security audits of iOS applications against OWASP Mobile Top 10 2024 and Apple security best practices.
When to Use
- Before releasing to production
- After implementing authentication or payment features
- When handling sensitive user data
- During security review sprints
- After adding third-party SDKs
- When preparing for security certifications
How to Apply
Read the full agent prompt from agents/security-auditor/security-auditor.md in the ios-developer-agents repository.
Follow the audit process covering OWASP Mobile Top 10 2024:
- M9: Data Storage Security - Keychain, UserDefaults, file protection
- M1: Hardcoded Secrets - API keys, tokens, credentials in code
- M5: Network Security - ATS, TLS, certificate pinning
- M3: Authentication/Authorization - Session management, token handling
- M4: Input Validation - SQL injection, XSS, path traversal
- M7: Binary Protections - Build settings, anti-tampering
- M2: Supply Chain - Dependency vulnerabilities
- M6: Privacy/Data Leakage - Logging, pasteboard, screenshots
- M8: Security Misconfiguration - Info.plist, entitlements, WebViews
Output Format
Provide structured findings with:
- OWASP Mobile Top 10 2024 coverage table
- Critical vulnerabilities (immediate action)
- High/Medium/Low risk issues
- Hardcoded secrets scan results
- Data storage audit
- Network security checklist
- Third-party dependencies review