ios-security-and-rbac
iOS security and authorization orchestration for Keychain, Secure Enclave, privacy, tamper resistance, permissions, RBAC, and tenant-safe mobile access.
Best use case
ios-security-and-rbac is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using ios-security-and-rbac should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/ios-security-and-rbac/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How ios-security-and-rbac Compares
| Feature / Agent | ios-security-and-rbac | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
iOS security and authorization orchestration for Keychain, Secure Enclave, privacy, tamper resistance, permissions, RBAC, and tenant-safe mobile access.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# iOS Security And RBAC

Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178.

<!-- dual-compat-start -->

## Use When

- Securing an iOS app, reviewing mobile threat models, designing permission gates, protecting secrets, or implementing tenant-aware RBAC.
- The task mentions Keychain, Secure Enclave, Data Protection, ATS, certificate pinning, jailbreak/tamper checks, privacy manifests, roles, permissions, or offline authorization caches.
- A retired iOS security or RBAC skill is referenced by name.

## Do Not Use When

- The task is general iOS implementation with no security, privacy, or authorization impact.
- The task is cross-platform Android-first RBAC; use `mobile-platform-operations` for the absorbed Android/mobile RBAC reference.

## Required Inputs

- Auth model, tenant model, roles/permissions, data sensitivity, offline requirements, API authorization contract, storage choices, and compliance/privacy constraints.

## Workflow

1. Load `ios-development` for baseline implementation standards.
2. Load `vibe-security-skill` for broader product threat modeling when the risk crosses backend, API, or web surfaces.
3. Load `references/ios-app-security.md` for device/app hardening and `references/ios-rbac.md` for permission gates.
4. Verify server-side authorization, local cache expiry, secret storage, privacy disclosure, and test evidence.

## Quality Standards

- Client RBAC must never replace server-side authorization.
- Secrets belong in Keychain or stronger platform storage, not UserDefaults or logs.
- Offline permission caches need expiry, invalidation, auditability, and conservative fallback behaviour.

## Anti-Patterns

- Trusting client-side role flags as the source of truth.
- Logging tokens, PII, Keychain errors, or authorization payloads.
- Adding jailbreak checks without a clear policy for detection, false positives, and support.

## Outputs

- iOS threat model, security checklist, RBAC matrix, permission-gate implementation notes, review findings, or verification evidence.

## References

- `references/ios-app-security.md` for Keychain, Secure Enclave, ATS, pinning, signing, privacy manifests, and tamper resistance.
- `references/ios-rbac.md` for permission models, SwiftUI gates, offline caches, and tenant-safe authorization UX.

<!-- dual-compat-end -->
Related Skills
web-app-security-audit
Use when auditing a PHP/JavaScript/HTML web application for security vulnerabilities. Covers configuration, authentication, authorization, input validation, XSS, API security, HTTP headers, and dependency scanning. Produces a severity-rated audit...
vibe-security-skill
Use when designing or reviewing security for a web application, API, or multi-tenant SaaS — produces threat model, abuse case list, auth/authz matrix, and secret handling plan; covers OWASP Top 10 2025 and the AI-code-generation blind spots. Neighbours — api-design-first owns auth model fields, deployment-release-engineering owns secret rotation choreography, ai-security and llm-security own model-specific threats.
network-security
Use when designing, hardening, or auditing network-layer security for self-managed Debian/Ubuntu SaaS infrastructure — firewalls (nftables/UFW), WAF (ModSecurity + OWASP CRS), VPN (WireGuard, OpenVPN, IPsec), TLS/PKI ops, IDS/IPS (Suricata, Fail2ban), zero-trust, SSH hardening, DDoS mitigation, DNS security. Complements web-app-security-audit (app layer) and cicd-devsecops (secrets/CI).
linux-security-hardening
Use when hardening a Debian/Ubuntu server — user/group/sudo hardening, file permission audits, PAM password policy + MFA, AppArmor mandatory access control, auditd system call logging, kernel sysctl hardening, file integrity monitoring (AIDE), rootkit detection (rkhunter/chkrootkit), unattended security patching, GRUB + UEFI + LUKS boot security, and CIS benchmark compliance.
ai-security
Use when securing an AI/LLM-powered feature against prompt injection, cross-tenant data leakage and tenant isolation failures, jailbreaks, and adversarial inputs. Covers PII scrubbing before model calls, output validation, rate limiting, audit logging, and DPPA/GDPR compliance for AI data flows.
dpia-generator
Generate a Data Protection Impact Assessment (DPIA), Uganda DPPA 2019-compliant. Use when producing or reviewing a data protection impact assessment, a privacy impact assessment, when uganda-dppa-compliance flags [DPIA-REQUIRED], or when processing large-scale or sensitive personal data for a new feature.
code-safety-scanner
Scan any codebase for 14 critical safety issues across security vulnerabilities, server stability (500 errors), and payment misconfigurations. Use when auditing code before deployment, reviewing AI-generated code for production readiness, or...
world-class-engineering
Use when designing, building, reviewing, or upgrading production software systems that must be secure, performant, maintainable, scalable, and user-centered. Apply before writing specs, code, architecture, APIs, databases, mobile apps, SaaS platforms, or ERP systems.
update-Codex-documentation
Update project documentation files (README.md, PROJECT_BRIEF.md, TECH_STACK.md, ARCHITECTURE.md, docs/API.md, docs/DATABASE.md, AGENTS.md, docs/plans/NEXT_FEATURES.md) when significant changes occur. MANDATORY at end of each work session to...
skill-writing
Use when creating or upgrading skills in this repository. Covers repository-specific frontmatter rules, progressive disclosure, reference-file strategy, validation, and the quality bar required for production-grade engineering skills.
skill-safety-audit
Scan new or updated skills for unsafe or malicious instructions (unknown tools, external installers, credential harvesting) before accepting them into the repository.
skill-composition-standards
Use when authoring a new skill, normalising an older skill, or reviewing a skill PR — defines the repository-wide house style (frontmatter, decision rules, anti-patterns, references), the output contracts each baseline-skill type must produce, and the input contracts each specialist skill must declare. This is the enforcement spine that makes the repository compose as a system, not a library of linked documents.