> flutter-security
Security standards for Flutter applications based on OWASP Mobile. Use when applying OWASP Mobile security standards or securing a Flutter application. (triggers: lib/infrastructure/**, pubspec.yaml, secure_storage, obfuscate, jailbreak, pinning, PII, OWASP)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/flutter-security?format=md"Mobile Security
Priority: P0 (CRITICAL)
Standards for basic mobile security and PII protection.
Implementation Guidelines
- Secure Storage: Use
flutter_secure_storagefor tokens/PII. Never useshared_preferences. - Hardcoding: Never store API keys or secrets in Dart code. Use
--dart-defineor.env. - Obfuscation: Always release with
--obfuscateand--split-debug-info. Note: This is a deterrent, not cryptographic protection. For sensitive logic, move to backend. - SSL Pinning: For high-security apps, use
dio_certificate_pinning. - Root Detection: Use
flutter_jailbreak_detectionfor financial/sensitive applications. - PII Masking: Mask sensitive data (email, phone) in logs and analytics.
Reference & Examples
For SSL Pinning and Secure Storage implementation details: See references/REFERENCE.md.
Related Topics
common/security-standards | layer-based-clean-architecture | performance
🚫 Anti-Patterns
- Do NOT use standard patterns if specific project rules exist.
- Do NOT ignore error handling or edge cases.
> related_skills --same-repo
> typescript-tooling
Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling. (triggers: tsconfig.json, .eslintrc.*, jest.config.*, package.json, eslint, prettier, jest, vitest, build, compile, lint)
> typescript-security
Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration. (triggers: **/*.ts, **/*.tsx, validate, sanitize, xss, injection, auth, password, secret, token)
> typescript-language
Modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings. (triggers: **/*.ts, **/*.tsx, tsconfig.json, type, interface, generic, enum, union, intersection, readonly, const, namespace)
> typescript-best-practices
Idiomatic TypeScript patterns for clean, maintainable code. Use when writing or refactoring TypeScript classes, functions, modules, or async logic. (triggers: **/*.ts, **/*.tsx, class, function, module, import, export, async, promise)