mobile-security-auditor
Mobile Security Auditor Protocol
Mobile apps run in hostile, untrusted environments (the user's device). Unlike a web server tucked behind a firewall, a mobile app can be decompiled, memory-dumped, and its network traffic intercepted by anyone holding the physical device. This skill enforces hard security boundaries on the client.
Core principle: Assume the device is compromised. Never trust the client. Never store secrets in plaintext.
Workflow
1. Analyze the requested feature / current implementation
2. Check against OWASP Mobile Top 10 vulnerabilities
3. Audit Data at Rest (Storage Security)
4. Audit Data in Transit (Network Security)
5. Audit Runtime Defenses (Reverse Engineering/Tampering)
More from fatih-developer/fth-skills
task-decomposer
Break down large, complex, or ambiguous tasks into independent subtasks with dependency maps, execution order, and success criteria. Plan first, then execute step by step. Triggers on 'how should I do this', 'where do I start', 'plan the project', 'break it down', 'implement' or whenever a task involves multiple phases.
24multi-brain-debate
Two-round debate protocol where perspectives challenge each other before consensus. Round 1 presents independent positions, Round 2 allows counter-arguments and rebuttals. Produces battle-tested decisions for high-stakes choices.
21context-compressor
Compress long conversation histories, large code files, research results, and documents by 70% without losing critical information. Triggers when context window fills up, when summarizing previous steps in multi-step tasks, before loading large files into context, or on 'summarize', 'compress', 'reduce context', 'save tokens'.
18multi-brain-score
Confidence scoring overlay for multi-brain decisions. Each perspective rates its own confidence (1-10) with justification. Consensus uses scores as weights, flags low-confidence areas, and surfaces uncertainty explicitly.
16checkpoint-guardian
Automatic risk assessment before every critical action in agentic workflows. Detects irreversible operations (file deletion, database writes, deployments, payments), classifies risk level, and requires confirmation before proceeding. Triggers on destructive keywords like deploy, delete, send, publish, update database, process payment.
14multi-brain
Evaluate complex requests from 3 independent perspectives (Creative, Pragmatic, Comprehensive), reach consensus, then produce complete outputs. Use for architecture decisions, creative content, analysis, and any task where multiple valid approaches exist.
14