Stats

Actions

Available In

Tags

Audit Skills — Mobile · Tauri · Supabase

Curated set of 68 cybersecurity skills for auditing a stack composed of:

Mobile app (iOS + Android)

Desktop app built with Tauri (Rust core + system WebView)

Backend on Supabase (Postgres + GoTrue auth + Storage + Edge Functions)

Plus deep-dive audit references in docs/, production-ready audit tools in tools/, and drop-in templates for CI and threat modeling in templates/.

Each skill is a structured SKILL.md with YAML frontmatter and a Markdown body (When to Use / Prerequisites / Workflow / Key Concepts / Tools & Systems / Common Scenarios / Output Format), designed to be loaded into an AI agent (Claude Code, Cursor, etc.) on demand.

This is a personal fork, curated from the upstream mukul975/Anthropic-Cybersecurity-Skills library. All ~700 skills not relevant to this stack have been removed.

Audit playbook — by phase

The 67 skills are organised below in the order a real audit would run them.

1. Threat modelling (start here)

Skill

Purpose

performing-threat-modeling-with-owasp-threat-dragon

STRIDE on the full architecture: mobile → API → Postgres → Edge Functions

2. Static analysis & supply chain

Skill

Purpose

implementing-semgrep-for-custom-sast-rules

Custom SAST rules for Tauri (Rust + JS) and mobile (Kotlin/Swift)

implementing-github-advanced-security-for-code-scanning

CodeQL on the repo

integrating-sast-into-github-actions-pipeline

Wire SAST into CI

performing-sca-dependency-scanning-with-snyk

npm + cargo + native deps

implementing-secret-scanning-with-gitleaks

Hardcoded keys / Supabase service-role tokens

implementing-secrets-scanning-in-ci-cd

Pre-commit + CI gates

implementing-devsecops-security-scanning

End-to-end scanning pipeline

3. Mobile app audit

Skill

Purpose

conducting-mobile-app-penetration-test

Top-level pentest playbook

performing-android-app-static-analysis-with-mobsf

APK static analysis

performing-dynamic-analysis-of-android-app

Runtime analysis (Frida + drozer)

reverse-engineering-android-malware-with-jadx

Decompile your own APK to verify hardening

testing-android-intents-for-vulnerabilities

Exposed components, intent injection

performing-ios-app-security-assessment

iOS pentest playbook

analyzing-ios-app-security-with-objection

Runtime introspection

reverse-engineering-ios-app-with-frida

iOS dynamic instrumentation

exploiting-deeplink-vulnerabilities

Custom URL scheme + universal links

exploiting-insecure-data-storage-in-mobile

Keychain / Keystore / SharedPreferences review

intercepting-mobile-traffic-with-burpsuite

MITM with cert installed

performing-mobile-app-certificate-pinning-bypass

Verify pinning actually works

testing-mobile-api-authentication

Mobile-specific auth flaws

4. Desktop / Tauri audit

Skill

Purpose

auditing-tauri-capabilities

Tauri-specific: capability files, ACL invariants, high-risk identifier checklist, updater config, runtime addCapability search

performing-thick-client-application-penetration-test

Generic thick-client pentest workflow

performing-binary-exploitation-analysis

Stack/heap analysis on the compiled binary

reverse-engineering-rust-malware

Rust binary triage techniques apply to your own binary

For deep technical reference, see docs/tauri-2-security-analysis.md — 30-section audit guide with all CVEs, ACL schema, IPC mechanics, and a 9-block checklist.

5. Backend / API audit (Supabase REST + GoTrue)