
from grapefruit (1,316)
Automated, checklist-driven mobile security audit aligned to OWASP MASTG v2 for iOS and Android; exports structured markdown findings and remediation guidance.
This skill adds autonomous mobile application security testing capability using the igf (Grapefruit) dynamic instrumentation toolkit. It walks through OWASP MASTG v2-aligned checks across storage, cryptography, network, platform, code, resilience, and privacy, collecting command output as evidence and producing a structured markdown report ready for triage. Typical outputs include flagged findings with MASTG test IDs, severity, evidence snippets, and concrete remediation recommendations.
Use this skill when you need a systematic security audit of a mobile app (Android or iOS), when onboarding app security reviews, or prior to release to catch high-risk issues like hardcoded secrets, disabled ATS/cleartext traffic, debuggable builds, or weak crypto. It is also useful for follow-up verification after fixes. Requires an igf server and a connected device.
Agents or tooling that can run shell commands and interact with devices (CLI-capable agents, such as coding assistants that can invoke igf).
MASTG mobile security audit skill with comprehensive OWASP-aligned checklists covering storage, crypto, network, platform, code, resilience, and privacy categories. No bundled scripts — purely prompt-driven, relying on the igf CLI tool. Well-structured with clear severity classifications and a defined report format. Requires Grapefruit/igf setup with a connected device, limiting immediate usability.
Solid security audit skill. Explicit user-confirmation gates before hooks/monitors and path access are good safety practices. Shell variable interpolation in igf commands is a minor injection risk if bundle IDs contain special characters. No scripts to test. Skill is well-aligned with OWASP MASTG v2 and provides actionable remediation guidance.