Automates the identification of security vulnerabilities and hardcoded secrets in Android applications using the Mobile Security Framework (MobSF).
This skill enables Claude to perform comprehensive static analysis on Android APK and AAB files using MobSF to identify critical security flaws such as insecure permissions, hardcoded credentials, and weak cryptography. It integrates seamlessly into penetration testing workflows and CI/CD pipelines, providing automated scans that map findings to the OWASP Mobile Top 10 and NIST frameworks. By leveraging MobSF's REST API and decompilation capabilities, users can quickly triage third-party apps or audit their own code for vulnerabilities before production deployment.
Key Features
01. 4,121 GitHub stars
02. Identification of OWASP Mobile Top 10 vulnerabilities
03. Detection of hardcoded secrets and insecure API keys
04. Programmatic integration via MobSF REST API
05. Automated APK/AAB decompilation and manifest analysis
06. Generation of detailed security reports in PDF and JSON formats
Use Cases
01. Auditing third-party Android applications for supply chain risks
02. Conducting rapid security assessments during Android penetration tests
03. Automating security gates in CI/CD pipelines for mobile apps