Skill UI

This expert skill performs non-intrusive static analysis to thoroughly audit AI skills and bundles. It identifies malicious patterns, data leaks, system stability risks, and obfuscated payloads across major operating systems (Windows, macOS, Linux/Unix) and mobile platforms (Android/iOS). Use it when verifying skill legitimacy or performing deep cross-platform security reviews.

This guide details advanced methods for detecting and preventing QR code phishing (quishing) attacks. It covers how malicious URLs embedded in images bypass traditional email security filters, requiring multimodal AI, OCR, and robust mobile threat defense solutions. Essential for SOC analysts and security teams.

A comprehensive guide for intercepting and analyzing HTTP/HTTPS traffic from mobile applications using Burp Suite. This skill walks through configuring proxies on Android and iOS, handling CA certificate installation, and executing advanced penetration testing techniques. It is essential for assessing API security, identifying data leakage, and finding authentication vulnerabilities in mobile client-server communications.

This comprehensive guide teaches advanced iOS reverse engineering techniques using Frida dynamic instrumentation. Users can analyze proprietary app logic, extract encryption keys, trace method calls, and bypass anti-tampering or anti-debugging mechanisms without needing source code. It is essential for authorized mobile security testing and protocol analysis.

This comprehensive skill provides a systematic framework for performing deep security assessments on iOS applications. It covers static analysis of IPA packages, dynamic instrumentation using Frida and Objection, SSL pinning bypass for traffic interception, extraction and auditing of sensitive data from the Keychain, and runtime method hooking. Use this for authorized penetration testing against standards like OWASP MASTG.

A comprehensive playbook for advanced mobile security assessments of iOS applications. Covers both jailbroken and non-jailbroken environments, focusing on critical attack vectors such as keychain extraction, URL scheme hijacking, Universal Links exploitation via AASA misconfigurations, runtime memory manipulation (Frida/Objection), and binary protection analysis.