The complete OWASP Mobile Application Security Standard as an AI skill for Claude. Built for auditors, developers, architects, and compliance teams.
Consolidated from three separate OWASP repos into a single, AI-ready knowledge package with end-to-end audit workflow.
The verification standard – defines security requirements. Produces audit checklists, requirements matrices, and compliance evidence.
The weakness enumeration – catalogs mobile-specific vulnerabilities with CWE mappings, severity ratings, and correlation analysis.
The testing guide – provides concrete test procedures, tool references, and platform-specific test steps for Android and iOS.
The skill adapts to your role – just describe what you need.
Every control, every category, every platform. Plus regulatory mappings to GDPR, PCI DSS, BSI, and ISO 27001.
| Category | Controls | Focus |
|---|---|---|
| MASVS-STORAGE | 2 | Secure data storage (data at rest) |
| MASVS-CRYPTO | 2 | Cryptographic operations & key management |
| MASVS-AUTH | 3 | Authentication & authorization |
| MASVS-NETWORK | 2 | Network communication (data in transit) |
| MASVS-PLATFORM | 3 | Platform interaction & IPC |
| MASVS-CODE | 4 | Code quality & secure build practices |
| MASVS-RESILIENCE | 4 | Reverse engineering & tampering |
| MASVS-PRIVACY | 4 | Privacy & data protection |
Machine-readable output schemas for downstream agents. Every output ends with an agent_summary block for orchestration.
Structured findings with evidence, severity, and remediation for ticket agents and CI/CD gates.
MASVS matrix with pass/fail verdicts for GRC systems and compliance agents.
STRIDE analysis with risk ratings for architecture and risk management agents.
MASWE entries with detection and fix guidance for vulnerability management.
Platform code patterns for code generation agents and PR review bots.
Build a .skill file or install manually – then drag into any Claude chat.
Open source, CC BY-SA 4.0 licensed. Issues, PRs, and contributions are welcome.