CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-ios-app-security-with-objection

Runtime iOS app security testing with Objection (Frida): inspect keychain and filesystem data, explore app internals at runtime, and validate/bypass client-side protections during authorized mobile assessments.

67

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Critical

Do not install without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

An actionable, concise, well-structured operational guide with strong command coverage across MASVS categories. It is held back by absent error-recovery feedback loops in the workflow and by orphaned bundle files that the body never points to.

Suggestions

Add explicit validation checkpoints and feedback loops, e.g. after attach and after each hook, instruct to verify output and retry with '--startup-command' on failure.

Wire up the existing bundle files with signaled one-level-deep links (e.g. 'See [references/api-reference.md] for full command catalog') instead of keeping everything inline and leaving references orphaned.

DimensionReasoningScore

Conciseness

The body is lean and command-driven with no padding explaining basic iOS/security concepts Claude already knows; nearly every line is an executable directive or concise definition.

3 / 3

Actionability

Concrete, copy-paste-ready Objection/Frida commands appear throughout (e.g. 'ios keychain dump', 'ios sslpinning disable', 'memory search "password" --string'), fully meeting the executable-guidance anchor.

3 / 3

Workflow Clarity

Seven clearly sequenced steps with a couple of embedded verifications ('frida-ps -U', observing Burp Suite) are present, but there are no explicit validate→fix→retry feedback loops for runtime modifications, leaving checkpoints mostly implicit.

2 / 3

Progressive Disclosure

The body is well-sectioned, but the provided bundle files (references/api-reference.md, standards.md, workflows.md; scripts/agent.py, process.py; assets/template.md) are never linked or signaled, leaving them orphaned and keeping content inline that could be externalized.

2 / 3

Total

10

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, well-targeted description with concrete actions and natural trigger terms. Its main gap is the absence of an explicit 'Use when...' clause, which leaves the activation guidance implied rather than stated.

Suggestions

Append an explicit trigger clause, e.g. 'Use when conducting authorized runtime security assessments of iOS apps, or when the user mentions Objection, Frida, SSL pinning bypass, or jailbreak detection.'

Add common variation terms users say ('SSL pinning', 'jailbreak detection', 'iOS pentesting') to broaden trigger coverage beyond 'client-side protections'.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'inspect keychain and filesystem data', 'explore app internals at runtime', 'validate/bypass client-side protections' — matching the multiple-specific-actions anchor.

3 / 3

Completeness

It clearly answers 'what' (runtime testing, keychain/filesystem inspection, protection bypass) but lacks an explicit 'Use when...' trigger clause, so 'when' is only implied — capping completeness at 2 per the guidelines.

2 / 3

Trigger Term Quality

Natural user-facing terms are present ('iOS app security testing', 'Objection', 'Frida', 'keychain', 'mobile assessments'), giving good coverage of keywords a user would actually say.

3 / 3

Distinctiveness Conflict Risk

The niche is sharply defined (iOS runtime security testing via Objection/Frida) with distinct triggers, making it unlikely to fire for the wrong skill.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.