Mobile Security Coder
Security
Develop secure mobile applications with expert guidance
Mobile developers regularly face platform-specific security vulnerabilities and complex protection patterns. This skill provides battle-tested mobile security implementation approaches for iOS, Android, and cross-platform applications.
Supports: Claude Codex Code (CC)
1. Download the skill ZIP
2. Upload it in Claude: go to Settings → Features → Skills → Upload skill
3. Enable it and start using it
Try it
Using "Mobile Security Coder": Configure secure WebView for loading third-party content
Expected result:
- Enable HTTPS-only URL loading with domain allowlist validation
- Disable JavaScript by default, enable only for trusted domains with specific feature restrictions
- Implement Content Security Policy with strict script-src directive
- Configure cookie isolation and prevent third-party cookie access
- Disable file access and local storage for untrusted content
- Set custom user agent to prevent fingerprinting and enforce security policies
Using "Mobile Security Coder": Implement secure credential storage for mobile app
Expected result:
- Use iOS Keychain with kSecAttrAccessibleWhenUnlocked for biometric-protected secrets
- Use Android Keystore with StrongBox or TEE-backed key generation
- Derive encryption keys using PBKDF2 or Argon2 with device-specific salt
- Exclude sensitive files from cloud backup with proper file protection flags
- Clear sensitive data from memory after use with secure memory wiping
- Implement key rotation and re-encryption for long-term stored credentials
Security audit
Security v1 • 2/25/2026
Prompt-only skill with no executable code. Static analysis found zero security issues (risk score 0/100). Content provides legitimate mobile security guidance aligned with OWASP MASVS standards. No code execution, network access, or filesystem operations present.
0
Files scanned
0
Lines analyzed
0
Findings
1
Total audits
No security issues found
Auditor: claude
Quality score
38
Architecture
100
Maintainability
87
Content
50
Community
100
Security
74
Standards compliance
What you can build
Secure WebView implementation
Configure WebView with URL allowlist validation, JavaScript controls, Content Security Policy, and secure cookie handling to prevent injection attacks and data leakage
Biometric authentication setup
Implement Touch ID, Face ID, or fingerprint authentication with a secure fallback mechanism and biometric-protected credential storage
Cross-platform security configuration
Apply security patterns and input validation to React Native bridge communication, Flutter platform channels, and Xamarin native interop
Try these prompts
Basic WebView Security
Help me configure a secure WebView for my iOS application. I need to load only trusted HTTPS URLs and prevent JavaScript injection attacks. What are the essential security settings I should enable?
Biometric Authentication Implementation
I need to add fingerprint authentication to my Android app with a secure fallback to PIN. Guide me through implementing biometric authentication using the Android Keystore system with proper error handling and security considerations.
Secure API Communication
My React Native app communicates with a REST API handling sensitive user data. Help me implement certificate pinning, secure token storage, and protection against man-in-the-middle attacks. Include code examples for both iOS and Android.
Comprehensive Mobile Security Audit
Review my mobile application architecture for security vulnerabilities. The app uses React Native with native modules, stores user credentials locally, and communicates with multiple backend services. Provide a threat model, identify potential attack vectors, and recommend specific security controls for each layer including data storage, network communication, authentication, and code protection.
Best practices
- Enforce HTTPS-only communication with certificate pinning to prevent man-in-the-middle attacks
- Store credentials in platform-specific secure storage (Keychain, Keystore) with biometric protection
- Validate and sanitize all external inputs including deep links, push notifications, and sensor data
Avoid
- Storing sensitive data in UserDefaults, SharedPreferences, or unencrypted files
- Disabling SSL certificate validation or accepting all certificates in production
- Logging sensitive information like tokens, credentials, or personal data to console
FAQ
What is the difference between this skill and security-auditor?
This skill focuses on hands-on mobile security coding and implementation of secure patterns. Security-auditor performs high-level security assessments, compliance reviews, and threat modeling. Use this for writing secure mobile code, security-auditor for evaluating existing security posture.
Does this skill support both iOS and Android development?
Yes, this skill covers platform-specific security for both iOS and Android, as well as cross-platform frameworks including React Native, Flutter, Xamarin, and Cordova. It provides implementation guidance tailored to each platform's security model.
Can this skill help with OWASP MASVS compliance?
Yes, the skill aligns recommendations with OWASP Mobile Application Security Verification Standard (MASVS) guidelines. It can help implement controls for data storage, cryptography, authentication, network communication, and code protection requirements.
Does this skill provide actual security testing or code execution?
No, this skill provides implementation guidance and security recommendations only. It does not execute code, perform penetration testing, or conduct automated security scans. All recommendations require developer implementation and validation.
What mobile authentication methods does this skill support?
This skill covers biometric authentication (Touch ID, Face ID, fingerprint), multi-factor authentication with TOTP, OAuth with PKCE for mobile flows, JWT token handling, and session management including background/foreground transitions and secure token refresh.
How does this skill handle WebView security concerns?
This skill provides comprehensive WebView security guidance including URL allowlisting, JavaScript controls, Content Security Policy implementation, secure cookie handling, file access restrictions, and regular cache cleanup to prevent injection attacks and data leakage.