| name | apple-secure-coding |
| description | Secure coding and security review for Apple platforms: threat modeling (STRIDE, attacker profiles), Keychain and Secure Enclave storage, CryptoKit cryptography, network security (ATS, certificate pinning, TLS), input validation (deep links, URL schemes, WebView hardening), jailbreak/integrity checks, and security code-review methodology. Use when writing or reviewing security-sensitive code (auth, storage, crypto, network handlers, deep links). For Xcode build-setting hardening (Enhanced Security, bounds safety) use audit-xcode-security-settings.
|
| allowed-tools | ["Read","Glob","Grep"] |
Apple Secure Coding
Security knowledge for Apple-platform code. Load references/_guide.md first,
then specific references as the review demands.
References
Load: references/_guide.md
| Topic | Reference |
|---|
| STRIDE analysis, attacker profiles | references/threat-modeling.md |
| Keychain, Secure Enclave, file protection | references/secure-storage.md |
| CryptoKit, key generation | references/cryptography.md |
| ATS, cert pinning, TLS | references/network-security.md |
| Deep links, WebView hardening | references/input-validation.md |
| Review checklists, methodology | references/code-review.md |
| Jailbreak detection, integrity | references/integrity-checks.md |
Quick Checklist (Security-Sensitive Code)
Related Skills
| Need | Skill |
|---|
| Primary-source Apple security docs lookup | apple-docs |
| Xcode hardening build settings, Enhanced Security entitlement | audit-xcode-security-settings |
C bounds-safety annotations (-fbounds-safety) | c-bounds-safety |
| Language-level safety (typed errors, value types) | swift |
| Security-focused execution contract | planner (security-audit template) |