A community-driven registry for Claude, Cursor, Windsurf, Cline & more. Not affiliated with Anthropic.
Are you the author? Sign in to claim
A collection of Claude Code and OpenAI Codex Agent Skills for mobile application security testing
A shareable collection of Claude Code Agent Skills for mobile application security testing, built on:
| Skill | MASVS Category | Description |
|---|---|---|
| secure-storage-audit | MASVS-STORAGE | Audit data-at-rest: local storage, logs, backups, clipboard, keyboard cache |
| crypto-review | MASVS-CRYPTO | Review encryption algorithms, key management, RNG, hardcoded secrets |
| auth-assessment | MASVS-AUTH | Assess login flows, biometric auth, session management, step-up auth |
| network-security-check | MASVS-NETWORK | Check TLS config, certificate pinning, cleartext traffic, cert validation |
| platform-interaction-review | MASVS-PLATFORM | Review IPC, WebViews, deep links, content providers, UI security |
| code-quality-scan | MASVS-CODE | Scan dependencies, input validation, injection flaws, platform versions |
| resilience-assessment | MASVS-RESILIENCE | Assess anti-tampering, root/jailbreak detection, obfuscation, anti-debug |
| privacy-audit | MASVS-PRIVACY | Audit permissions, tracking, consent, data minimization, user controls |
| Skill | Description |
|---|---|
| mobile-threat-model | Generate STRIDE threat models mapped to MASVS controls with NowSecure risk tiering |
| masvs-checklist | Generate tailored MASVS v2 compliance checklists with MASTG test mappings |
| secure-mobile-dev-guide | Interactive secure development guidance with code examples for Android and iOS |
| mobile-pentest-plan | Generate comprehensive penetration testing plans based on MASTG methodology |
Add to your project's .claude/settings.json:
{
"plugins": [
"/path/to/mastg-skills"
]
}
Copy the skills/ directory into your project's .claude/skills/ directory:
cp -r skills/* /path/to/your-project/.claude/skills/
Copy into your personal Claude Code skills directory:
cp -r skills/* ~/.claude/skills/
Skills are invoked automatically by Claude Code when relevant, or manually:
# Run a specific audit against your codebase
/secure-storage-audit ./path/to/mobile/app
/crypto-review ./path/to/mobile/app
/network-security-check ./path/to/mobile/app
# Generate compliance artifacts
/masvs-checklist ./path/to/mobile/app
/mobile-threat-model ./path/to/mobile/app
/mobile-pentest-plan ./path/to/mobile/app
# Get secure development guidance
/secure-mobile-dev-guide how to store tokens securely
/secure-mobile-dev-guide certificate pinning implementation
All 8 MASVS control groups are covered with 24 individual controls:
| Category | Controls | Skills |
|---|---|---|
| MASVS-STORAGE | 2 controls | secure-storage-audit |
| MASVS-CRYPTO | 2 controls | crypto-review |
| MASVS-AUTH | 3 controls | auth-assessment |
| MASVS-NETWORK | 2 controls | network-security-check |
| MASVS-PLATFORM | 3 controls | platform-interaction-review |
| MASVS-CODE | 4 controls | code-quality-scan |
| MASVS-RESILIENCE | 4 controls | resilience-assessment |
| MASVS-PRIVACY | 4 controls | privacy-audit |
Skills apply NowSecure's tiered security policy model:
1000+ skills curated from Anthropic, Vercel, Stripe, and other engineering teams
Claude Code skill for YouTube creators — channel audits, video SEO, retention scripts, thumbnails, content strategy, Sho
Design enforcement with memory — keeps your UI consistent across a project
AI image generation skill for Claude Code -- Creative Director powered by Gemini