>_SkillsHub

> android-legacy-security

Standards for Intents, WebViews, and FileProvider. Use when securing Intent handling, WebViews, or FileProvider access in Android. (triggers: **/*Activity.kt, **/*WebView*.kt, AndroidManifest.xml, Intent, WebView, FileProvider, javaScriptEnabled)

fetch
$curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/android-legacy-security?format=md"
SKILL.mdandroid-legacy-security

Android Legacy Security Standards

Priority: P0

Implementation Guidelines

Intents

  • Implicit: Always verify resolveActivity before starting.
  • Exported: Verify android:exported logic (as per security skill).
  • Data: Treat all incoming Intent extras as untrusted input.

WebView

  • JS: Default to javaScriptEnabled = false. Only enable for trusted domains.
  • File Access: Disable allowFileAccess to prevent local file theft via XSS.

File Exposure

  • FileProvider: NEVER expose file:// URIs. Use FileProvider.

Anti-Patterns

  • Implicit Internal: **No Implicit for Internal**: Use Explicit Intents (class name).
  • World Readable: **No MODE_WORLD_READABLE**: SharedPreferences/Files.

References

> related_skills --same-repo

> typescript-tooling

Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling. (triggers: tsconfig.json, .eslintrc.*, jest.config.*, package.json, eslint, prettier, jest, vitest, build, compile, lint)

> typescript-security

Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration. (triggers: **/*.ts, **/*.tsx, validate, sanitize, xss, injection, auth, password, secret, token)

> typescript-language

Modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings. (triggers: **/*.ts, **/*.tsx, tsconfig.json, type, interface, generic, enum, union, intersection, readonly, const, namespace)

> typescript-best-practices

Idiomatic TypeScript patterns for clean, maintainable code. Use when writing or refactoring TypeScript classes, functions, modules, or async logic. (triggers: **/*.ts, **/*.tsx, class, function, module, import, export, async, promise)

┌ stats

installs/wk0
░░░░░░░░░░
github stars341
██████████
first seenMar 17, 2026
└────────────

┌ repo

HoangNguyen0403/agent-skills-standard
by HoangNguyen0403
└────────────

┌ tags

#android#editor#java#javascript#mobile#security
└────────────