security

Original：🇺🇸 English

Translated

Security review and guidance for iOS, macOS, and watchOS apps. Covers secure storage, biometric authentication, network security, and platform-specific patterns. Use when implementing security features or reviewing code for vulnerabilities.

2installs

Sourcershankras/claude-code-apple-skills

Added on2026-02-07

NPX Install

npx skill4agent add rshankras/claude-code-apple-skills security

SKILL.md Content

View Translation Comparison →

Security Review for Apple Platforms

Comprehensive security guidance for iOS, macOS, and watchOS applications. Reviews code for vulnerabilities and provides secure implementation patterns.

When This Skill Activates

Use this skill when the user:

Asks for "security review" or "security audit"
Wants to implement "secure storage" or "Keychain"
Needs "Face ID", "Touch ID", or "biometric authentication"
Asks about "certificate pinning" or "network security"
Mentions "Data Protection" or "encryption"
Wants to store "sensitive data", "credentials", or "tokens"
Asks about "Secure Enclave" or hardware security

Review Process

Phase 1: Project Discovery

Identify the app's security surface:

bash

# Find security-related code
Grep: "SecItem|Keychain|kSecClass"
Grep: "LAContext|biometryType|evaluatePolicy"
Grep: "URLSession|ATS|NSAppTransportSecurity"
Grep: "CryptoKit|SecKey|CC_SHA"

Determine:

Platform (iOS, macOS, watchOS, or multi-platform)
Sensitive data types (credentials, health data, financial, PII)
Authentication methods in use
Network communication patterns

Phase 2: Secure Storage Review

Load and apply: secure-storage.md

Key areas:

Keychain usage patterns
Data Protection classes
Secure Enclave for keys
Avoiding insecure storage (UserDefaults, files)

Phase 3: Authentication Review

Load and apply: biometric-auth.md

Key areas:

Face ID / Touch ID implementation
Fallback mechanisms
LAContext configuration
Keychain integration with biometrics

Phase 4: Network Security Review

Load and apply: network-security.md

Key areas:

App Transport Security configuration
Certificate pinning
TLS best practices
Secure API communication

Phase 5: Platform-Specific Review

Load and apply: platform-specifics.md

Key areas:

iOS: Data Protection, App Groups, Keychain sharing
macOS: Sandbox, Hardened Runtime, Keychain access
watchOS: Health data, Watch Connectivity security

Output Format

Present findings in this structure:

markdown

# Security Review: [App Name]

**Platform**: iOS / macOS / watchOS / Universal
**Review Date**: [Date]
**Risk Level**: Critical / High / Medium / Low

## Summary

| Category | Status | Issues |
|----------|--------|--------|
| Secure Storage | ✅/⚠️/❌ | X issues |
| Authentication | ✅/⚠️/❌ | X issues |
| Network Security | ✅/⚠️/❌ | X issues |
| Platform Security | ✅/⚠️/❌ | X issues |

---

## 🔴 Critical Vulnerabilities

Security issues that expose user data or enable attacks.

### [Issue Title]

**File**: `path/to/file.swift:123`
**Risk**: [What could happen if exploited]
**OWASP Category**: [If applicable]

**Vulnerable Code**:
```swift
// current insecure code

Secure Implementation:

swift

// fixed secure code

🟠 High Priority Issues

Issues that weaken security posture.

[Same format as above]

🟡 Medium Priority Issues

Issues that should be addressed for defense in depth.

[Same format as above]

🟢 Recommendations

Security hardening suggestions.

[Same format as above]

✅ Security Strengths

What the app does well:

[Strength 1]
[Strength 2]

Action Plan

[Critical] [First fix]
[Critical] [Second fix]
[High] [Third fix] ...


## Priority Classification

### 🔴 Critical
- Credentials stored in plain text or UserDefaults
- Disabled SSL/TLS validation
- Hardcoded secrets or API keys
- SQL injection or code injection vulnerabilities
- Missing authentication on sensitive operations

### 🟠 High
- Keychain without appropriate access controls
- Missing biometric authentication for sensitive data
- Weak cryptographic implementations
- Overly permissive entitlements
- Sensitive data in logs

### 🟡 Medium
- Missing certificate pinning
- Biometric fallback too permissive
- Data Protection class could be stronger
- Missing jailbreak/integrity detection

### 🟢 Low/Recommendations
- Additional hardening measures
- Defense in depth improvements
- Code organization for security clarity

## Quick Checks

### Insecure Storage Detection
```bash
Grep: "UserDefaults.*password|UserDefaults.*token|UserDefaults.*secret|UserDefaults.*apiKey"
Grep: "\.write\(.*credential|\.write\(.*password"
Grep: "let.*apiKey.*=.*\"|let.*secret.*=.*\""

Insecure Network Detection

bash

Grep: "http://(?!localhost|127\.0\.0\.1)"
Grep: "AllowsArbitraryLoads.*true"
Grep: "serverTrust|URLAuthenticationChallenge.*useCredential"

Sensitive Data in Logs

bash

Grep: "print\(.*password|print\(.*token|NSLog.*credential"
Grep: "Logger.*password|os_log.*secret"

References

secure-storage.md - Keychain, Data Protection, Secure Enclave
biometric-auth.md - Face ID, Touch ID, LAContext
network-security.md - ATS, certificate pinning, TLS
platform-specifics.md - iOS vs macOS vs watchOS

External Resources

Security Review for Apple Platforms

Comprehensive security guidance for iOS, macOS, and watchOS applications. Reviews code for vulnerabilities and provides secure implementation patterns.

When This Skill Activates

Use this skill when the user:

Asks for "security review" or "security audit"
Wants to implement "secure storage" or "Keychain"
Needs "Face ID", "Touch ID", or "biometric authentication"
Asks about "certificate pinning" or "network security"
Mentions "Data Protection" or "encryption"
Wants to store "sensitive data", "credentials", or "tokens"
Asks about "Secure Enclave" or hardware security

Review Process

Phase 1: Project Discovery

Identify the app's security surface:

bash

# Find security-related code
Grep: "SecItem|Keychain|kSecClass"
Grep: "LAContext|biometryType|evaluatePolicy"
Grep: "URLSession|ATS|NSAppTransportSecurity"
Grep: "CryptoKit|SecKey|CC_SHA"

Determine:

Platform (iOS, macOS, watchOS, or multi-platform)
Sensitive data types (credentials, health data, financial, PII)
Authentication methods in use
Network communication patterns

Phase 2: Secure Storage Review

Load and apply: secure-storage.md

Key areas:

Keychain usage patterns
Data Protection classes
Secure Enclave for keys
Avoiding insecure storage (UserDefaults, files)

Phase 3: Authentication Review

Load and apply: biometric-auth.md

Key areas:

Face ID / Touch ID implementation
Fallback mechanisms
LAContext configuration
Keychain integration with biometrics

Phase 4: Network Security Review

Load and apply: network-security.md

Key areas:

App Transport Security configuration
Certificate pinning
TLS best practices
Secure API communication

Phase 5: Platform-Specific Review

Load and apply: platform-specifics.md

Key areas:

iOS: Data Protection, App Groups, Keychain sharing
macOS: Sandbox, Hardened Runtime, Keychain access
watchOS: Health data, Watch Connectivity security

Output Format

Present findings in this structure:

markdown

# Security Review: [App Name]

**Platform**: iOS / macOS / watchOS / Universal
**Review Date**: [Date]
**Risk Level**: Critical / High / Medium / Low

## Summary

| Category | Status | Issues |
|----------|--------|--------|
| Secure Storage | ✅/⚠️/❌ | X issues |
| Authentication | ✅/⚠️/❌ | X issues |
| Network Security | ✅/⚠️/❌ | X issues |
| Platform Security | ✅/⚠️/❌ | X issues |

---

## 🔴 Critical Vulnerabilities

Security issues that expose user data or enable attacks.

### [Issue Title]

**File**: `path/to/file.swift:123`
**Risk**: [What could happen if exploited]
**OWASP Category**: [If applicable]

**Vulnerable Code**:
```swift
// current insecure code

Secure Implementation:

swift

// fixed secure code

🟠 High Priority Issues

Issues that weaken security posture.

[Same format as above]

🟡 Medium Priority Issues

Issues that should be addressed for defense in depth.

[Same format as above]

🟢 Recommendations

Security hardening suggestions.

[Same format as above]

✅ Security Strengths

What the app does well:

[Strength 1]
[Strength 2]

Action Plan

[Critical] [First fix]
[Critical] [Second fix]
[High] [Third fix] ...


## Priority Classification

### 🔴 Critical
- Credentials stored in plain text or UserDefaults
- Disabled SSL/TLS validation
- Hardcoded secrets or API keys
- SQL injection or code injection vulnerabilities
- Missing authentication on sensitive operations

### 🟠 High
- Keychain without appropriate access controls
- Missing biometric authentication for sensitive data
- Weak cryptographic implementations
- Overly permissive entitlements
- Sensitive data in logs

### 🟡 Medium
- Missing certificate pinning
- Biometric fallback too permissive
- Data Protection class could be stronger
- Missing jailbreak/integrity detection

### 🟢 Low/Recommendations
- Additional hardening measures
- Defense in depth improvements
- Code organization for security clarity

## Quick Checks

### Insecure Storage Detection
```bash
Grep: "UserDefaults.*password|UserDefaults.*token|UserDefaults.*secret|UserDefaults.*apiKey"
Grep: "\.write\(.*credential|\.write\(.*password"
Grep: "let.*apiKey.*=.*\"|let.*secret.*=.*\""

Insecure Network Detection

bash

Grep: "http://(?!localhost|127\.0\.0\.1)"
Grep: "AllowsArbitraryLoads.*true"
Grep: "serverTrust|URLAuthenticationChallenge.*useCredential"

Sensitive Data in Logs

bash

Grep: "print\(.*password|print\(.*token|NSLog.*credential"
Grep: "Logger.*password|os_log.*secret"

References

secure-storage.md - Keychain, Data Protection, Secure Enclave
biometric-auth.md - Face ID, Touch ID, LAContext
network-security.md - ATS, certificate pinning, TLS
platform-specifics.md - iOS vs macOS vs watchOS

security

NPX Install

Tags

SKILL.md Content

Security Review for Apple Platforms

When This Skill Activates

Review Process

Phase 1: Project Discovery

Phase 2: Secure Storage Review

Phase 3: Authentication Review

Phase 4: Network Security Review

Phase 5: Platform-Specific Review

Output Format

🟠 High Priority Issues

🟡 Medium Priority Issues

🟢 Recommendations

✅ Security Strengths

Action Plan

Insecure Network Detection

Sensitive Data in Logs

References

External Resources

security

NPX Install

Tags

SKILL.md Content

Security Review for Apple Platforms

When This Skill Activates

Review Process

Phase 1: Project Discovery

Phase 2: Secure Storage Review

Phase 3: Authentication Review

Phase 4: Network Security Review

Phase 5: Platform-Specific Review

Output Format

🟠 High Priority Issues

🟡 Medium Priority Issues

🟢 Recommendations

✅ Security Strengths

Action Plan

Insecure Network Detection

Sensitive Data in Logs

References

External Resources