performing-ios-app-security-assessment

Conducts thorough iOS app security assessments using Frida and Objection for dynamic analysis and SSL pinning bypass.

Security score: 0/100

The performing-ios-app-security-assessment skill was audited on Jun 12, 2026 and we found 17 security issues across 2 threat categories, including 7 high-severity. Review the findings below before installing.

Security Issues

high line 5

Access to system keychain/keyring

Source: SKILL.md
for traffic interception, keychain extraction for credential analysis, and IPA static

high line 22

Access to system keychain/keyring

Source: SKILL.md
- keychain

high line 51

Access to system keychain/keyring

Source: SKILL.md
- Extracting and auditing iOS Keychain contents for insecure credential storage practices

high line 134

Access to system keychain/keyring

Source: SKILL.md
### Step 4: Keychain Extraction and Credential Analysis

medium line 137

Access to system keychain/keyring

Source: SKILL.md
# Dump all accessible keychain items via Objection

medium line 138

Access to system keychain/keyring

Source: SKILL.md
ios keychain dump

medium line 140

Access to system keychain/keyring

Source: SKILL.md
# Dump keychain with raw data output

medium line 141

Access to system keychain/keyring

Source: SKILL.md
ios keychain dump --json

medium line 143

Access to system keychain/keyring

Source: SKILL.md
# Check keychain item accessibility attributes

medium line 148

Access to system keychain/keyring

Source: SKILL.md
ios keychain dump | grep -i "password\|token\|secret\|oauth"

high line 232

Access to system keychain/keyring

Source: SKILL.md
| **Objection** | Runtime mobile exploration toolkit built on Frida providing pre-built commands for common security tests including keychain dump, SSL pinning bypass, and method hooking |

high line 234

Access to system keychain/keyring

Source: SKILL.md
| **Keychain** | iOS secure storage API for credentials and tokens; items have accessibility attributes that control when they can be read (e.g., only when device is unlocked) |

high line 253

Access to system keychain/keyring

Source: SKILL.md
- **Keychain scope limitation**: Objection can only access keychain items within the app's keychain access group. System-wide keychain items require jailbreak-level tools like keychain-dumper.

medium line 262

Access to system keychain/keyring

Source: SKILL.md
## Finding: Insecure Keychain Storage with kSecAttrAccessibleAlways

medium line 270

Access to system keychain/keyring

Source: SKILL.md
The application stores OAuth refresh tokens in the iOS Keychain with

medium line 277

Access to system keychain/keyring

Source: SKILL.md
2. Execute: ios keychain dump

low line 127

External URL reference

Source: SKILL.md
# Install Burp CA certificate on device via http://<burp_ip>:8080/cert

Scanned on Jun 12, 2026