A collection of specialized Claude Code skills for Flutter development, focusing on testing and security best practices.
Claude Code is Anthropic's official CLI tool that brings Claude AI directly to your terminal. Skills are modular capabilities that extend Claude's functionality for specific domains or tasks. Each skill consists of a SKILL.md file with instructions, plus optional supporting files like scripts and templates.
Skills are model-invoked - Claude autonomously decides when to activate them based on your request and the skill's description. You don't need to explicitly call a skill; simply describe what you want to do, and Claude will activate the relevant skill automatically.
Name: flutter-tester
Purpose: Comprehensive testing guidance for Flutter applications
A specialized skill that provides expert guidance on creating, writing, and analyzing tests in Flutter projects. Covers the full spectrum of testing including unit tests, widget tests, integration tests, and provides deep knowledge of mocking patterns, Riverpod state management testing, and industry best practices.
Key Features:
- Given-When-Then test structure patterns
- Layer-by-layer testing strategies (Data, Domain, Presentation, Application)
- Mockito and Riverpod testing patterns
- Widget testing with proper screen size setup and key usage
- Database testing with FakeDatabase
- Stream, timer, and async testing patterns
- Comprehensive test checklists and verification patterns
Reference Documentation:
- Layer testing patterns (repositories, providers, DAOs)
- Widget testing guide with interaction patterns
- Riverpod testing guide for state management
Name: owasp-mobile-security-checker
Purpose: Security analysis and vulnerability assessment for Flutter mobile applications
A comprehensive security auditing skill based on the OWASP Mobile Top 10 (2024) guidelines. Combines automated Python scanning scripts with detailed manual analysis workflows to identify vulnerabilities, assess security posture, and provide actionable remediation guidance.
Key Features:
- Automated Scanners:
  - M1: Hardcoded secrets and credential detection
  - M2: Dependency security and outdated package analysis
  - M5: Network security validation (HTTPS, certificate pinning)
  - M9: Storage security analysis (encryption, secure storage)
- Manual Analysis Guidance:
  - M3: Authentication and authorization patterns
  - M4: Input/output validation strategies
  - M6: Privacy controls and PII handling
  - M7: Binary protections and obfuscation
  - M8: Security misconfiguration detection
  - M10: Cryptography implementation review
- Comprehensive Reporting:
  - Severity-based prioritization (CRITICAL → HIGH → MEDIUM → LOW)
  - Flutter-specific code examples
  - Actionable remediation steps
  - OWASP risk categorization
Reference Documentation:
- OWASP Mobile Top 10 (2024) detailed guide
- Flutter-specific vulnerability patterns
- Secure vs insecure code examples
- Claude Code installed and configured
- For OWASP Security Checker: Python 3.7+
Skills can be installed in two locations:
Install to ~/.claude/skills/ for use across all your projects:
cd ~/.claude/skills/
git clone https://github.com/Harishwarrior/flutter-claude-skills.git
After cloning, the skills will be available in:
- ~/.claude/skills/flutter-claude-skills/flutter-tester/
- ~/.claude/skills/flutter-claude-skills/owasp-mobile-security-checker/
Install to .claude/skills/ in your Flutter project for team sharing:
cd /path/to/your/flutter/project
mkdir -p .claude/skills
cd .claude/skills
git clone https://github.com/Harishwarrior/flutter-claude-skills.git
Commit the .claude/skills/ directory to git so team members automatically get the skills when they pull.
Note: Claude automatically discovers skills from both locations. No additional configuration needed.
Skills are automatically activated by Claude based on your request. You don't need to explicitly invoke them - just describe what you want to do naturally.
Claude will automatically activate the flutter-tester skill when you work on Flutter tests:
# In your Flutter project directory
claude
Example conversations:
"Help me write widget tests for my LoginScreen"
→ Claude detects you need testing help and activates flutter-tester
"Create unit tests for my UserRepository class"
→ Automatically uses flutter-tester patterns
"My widget tests in auth_screen_test.dart are failing. Can you help debug them?"
→ Claude applies flutter-tester debugging guidelines
"How should I test Riverpod providers?"
→ Provides Riverpod testing patterns from the skill
"Review my test coverage and suggest missing test cases"
→ Uses flutter-tester checklist and best practices
Claude will automatically activate the owasp-mobile-security-checker skill for security-related requests:
For automated scanning:
"Check my Flutter app for hardcoded secrets and API keys"
→ Claude runs scan_hardcoded_secrets.py
"Scan my dependencies for security vulnerabilities"
→ Claude runs check_dependencies.py
"Verify my app uses HTTPS and has proper certificate pinning"
→ Claude runs check_network_security.py
"Analyze my app's data storage for security issues"
→ Claude runs analyze_storage_security.py
"Perform a comprehensive OWASP security audit"
→ Claude runs all scanners and performs manual analysis
For manual analysis:
"Review my authentication implementation for security issues"
→ Claude applies M3 (Authentication) guidelines
"Check my app for input validation vulnerabilities"
→ Claude applies M4 (Input Validation) patterns
"Audit my cryptography implementation"
→ Claude applies M10 (Cryptography) best practices
You can also run the security scanners directly:
# From your Flutter project root
cd /path/to/your/flutter/project
# Run individual scanners
python3 ~/.claude/skills/flutter-claude-skills/owasp-mobile-security-checker/scripts/scan_hardcoded_secrets.py .
python3 ~/.claude/skills/flutter-claude-skills/owasp-mobile-security-checker/scripts/check_dependencies.py .
python3 ~/.claude/skills/flutter-claude-skills/owasp-mobile-security-checker/scripts/check_network_security.py .
python3 ~/.claude/skills/flutter-claude-skills/owasp-mobile-security-checker/scripts/analyze_storage_security.py .
Results are saved as JSON files in your project directory.
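This page does not show the scanners' internals or their JSON schema. The sketch below is an added example, not code from this repository, of the kind of M1 and M5 checks such a scanner can run over Dart source, with findings ordered by severity and secrets redacted before they reach a report. The rule patterns, severity assignments, function names and output fields are all assumptions.

```python
import json
import re

# (OWASP category, severity, title, pattern). All values are illustrative assumptions.
RULES = [
    # '$' is excluded so interpolated strings such as "${env.key}" are not flagged.
    ("M1", "CRITICAL", "hardcoded credential literal", re.compile(
        r"""\b\w*(?:api_?key|secret|password|token)\w*\s*[:=]\s*['"][^'"$]{8,}['"]""", re.I)),
    # dart:io HttpClient callback that accepts every certificate.
    ("M5", "HIGH", "TLS certificate validation disabled", re.compile(
        r"badCertificateCallback\s*=.*=>\s*true")),
    # Loopback and the Android emulator host alias (10.0.2.2) are tolerated.
    ("M5", "MEDIUM", "cleartext http:// endpoint", re.compile(
        r"""['"]http://(?!localhost|127\.0\.0\.1|10\.0\.2\.2)[^'"]+['"]""")),
]
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def redact(line):
    """Blank out string literals so the report never stores the secret itself."""
    return re.sub(r"""(['"]).*?\1""", r"\1<redacted>\1", line.strip())

def scan_dart_source(path, text):
    """Return findings for one Dart file, most severe first."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for owasp, severity, title, pattern in RULES:
            if pattern.search(line):
                snippet = redact(line) if owasp == "M1" else line.strip()
                findings.append({"file": path, "line": lineno, "owasp": owasp,
                                 "severity": severity, "title": title,
                                 "snippet": snippet})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["line"]))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_DART = '''\
import 'dart:io';
const apiKey = "constructed-sample-value-0001";
final baseUrl = 'http://api.example.com/v1';
final devUrl = 'http://localhost:8080';
final password = const String.fromEnvironment('APP_PASSWORD');
void main() {
  final client = HttpClient();
  client.badCertificateCallback = (cert, host, port) => true;
}
'''

if __name__ == "__main__":
    print(json.dumps(scan_dart_source("lib/config.dart", SAMPLE_DART), indent=2))
```

Redacting matched literals matters because a report written into the project directory can itself be committed or shared.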
flutter-tester/
├── SKILL.md                          # Main skill definition and guidance
└── references/
    ├── layer_testing_patterns.md     # Repository, Provider, DAO testing patterns
    ├── widget_testing_guide.md       # Widget interaction and UI testing
    └── riverpod_testing_guide.md     # State management testing with Riverpod
owasp-mobile-security-checker/
├── SKILL.md                          # Main skill definition and workflows
├── scripts/
│   ├── scan_hardcoded_secrets.py     # M1: Credential scanning
│   ├── check_dependencies.py         # M2: Package security
│   ├── check_network_security.py     # M5: Network config validation
│   └── analyze_storage_security.py   # M9: Storage security analysis
└── references/
    └── owasp_mobile_top_10_2024.md   # Complete OWASP guide with examples
Contributions are welcome! Here's how you can help:
- Report issues - Found a bug or have a suggestion? Open an issue
- Improve patterns - Have a better testing or security pattern? Submit a PR
- Add examples - More real-world examples are always helpful
- Update scanners - Help keep the security scanners current with new patterns
- Documentation - Improve guides, add clarifications, fix typos
- Follow the existing structure and formatting
- Test your changes thoroughly
- Update relevant documentation
- Add examples where appropriate
- Keep security scanner patterns up-to-date with latest threats
- OWASP Mobile Top 10 (2024)
- Flutter Security Best Practices
- Android Security Guidelines
- iOS Security Guide
This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Built for Claude Code by Anthropic
- Testing patterns based on Flutter community best practices
- Security guidelines based on OWASP Mobile Top 10 (2024)
- Inspired by the Flutter and mobile security communities