Verify that requests to your server come from a genuine Apple device running
Works with
your unmodified app. DeviceCheck provides per-device bits for simple flags
(e.g., "claimed promo offer"). App Attest uses Secure Enclave keys and Apple
attestation to cryptographically prove app legitimacy on each request.
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versiondevice-integrityExecute the skills CLI command in your project's root directory to begin installation:
Fetches device-integrity from dpearson2699/swift-ios-skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate device-integrity. Access via /device-integrity in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
372
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
372
stars
Verify that requests to your server come from a genuine Apple device running your unmodified app. DeviceCheck provides per-device bits for simple flags (e.g., "claimed promo offer"). App Attest uses Secure Enclave keys and Apple attestation to cryptographically prove app legitimacy on each request.
DCDevice generates a
unique, ephemeral token that identifies a device. The token is sent to your
server, which then communicates with Apple's servers to read or set two
per-device bits. Available on iOS 11+.
import DeviceCheck
func generateDeviceToken() async throws -> Data {
guard DCDevice.current.isSupported else {
throw DeviceIntegrityError.deviceCheckUnsupported
}
return try await DCDevice.current.generateToken()
}
func sendTokenToServer(_ token: Data) async throws {
let tokenString = token.base64EncodedString()
var request = URLRequest(url: serverURL.appending(path: "verify-device"))
request.httpMethod = "POST"
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpBody = try JSONEncoder().encode(["device_token": tokenString])
let (_, response) = try await URLSession.shared.data(for: request)
guard let httpResponse = response as? HTTPURLResponse,
httpResponse.statusCode == 200 else {
throw DeviceIntegrityError.serverVerificationFailed
}
}
Your server uses the device token to call Apple's DeviceCheck API endpoints:
| Endpoint | Purpose |
|---|---|
https://api.devicecheck.apple.com/v1/query_two_bits |
Read the two bits for a device |
https://api.devicecheck.apple.com/v1/update_two_bits |
Set the two bits for a device |
https://api.devicecheck.apple.com/v1/validate_device_token |
Validate a device token without reading bits |
The server authenticates with a DeviceCheck private key from the Apple Developer portal, creating a signed JWT for each request.
Apple stores two Boolean values per device per developer team. You decide what they mean. Common uses:
Bits persist across app reinstall. You control when to reset them via the server API.
DCAppAttestService
validates that a specific instance of your app on a specific device is
legitimate. It uses a hardware-backed key in the Secure Enclave to create
cryptographic attestations and assertions. Available on iOS 14+.
The flow has three phases:
import DeviceCheck
let attestService = DCAppAttestService.shared
guard attestService.isSupported else {
// Fall back to DCDevice token or other risk assessment.
// App Attest is not available on simulators or all device models.
return
}
Generate a cryptographic key pair stored in the Secure Enclave. The returned
keyId is a string identifier you persist (e.g., in Keychain) for later
attestation and assertion calls.
import DeviceCheck
actor AppAttestManager {
private let service = DCAppAttestService.shared
private var keyId: String?
/// Generate and persist a key pair for App Attest.
func generateKeyIfNeeded() async throws -> String {
if let existingKeyId = loadKeyIdFromKeychain() {
self.keyId = existingKeyId
return existingKeyId
}
let newKeyId = try await service.generateKey()
saveKeyIdToKeychain(newKeyId)
self.keyId = newKeyId
return newKeyId
}
// MARK: - Keychain helpers (simplified)
private func saveKeyIdToKeychain(_ keyId: String) {
let data = Data(keyId.utf8)
let query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
kSecAttrAccount as String: "app-attest-key-id",
kSecAttrService as String: Bundle.main.bundleIdentifier ?? "",
kSecValueData as String: data,
kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
]
SecItemDelete(query as CFDictionary) // Remove old if exists
SecItemAdd(query as CFDictionary, nil)
}
private func loadKeyIdFromKeychain() -> String? {
let query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
kSecAttrAccount as String: "app-attest-key-id",
kSecAttrService as String: Bundle.main.bundleIdentifier ?? "",
kSecReturnData as String: true,
kSecMatchLimit as String: kSecMatchLimitOne
]
var result: AnyObject?
let status = SecItemCopyMatching(query as CFDictionary, &result)
guard status == errSecSuccess, let data = result as? Data else { return nil }
return String(data: data, encoding: .utf8)
}
}
Important: Generate the key once and persist the keyId. Generating a new
key invalidates any previous attestation.
Attestation proves that the key was generated on a genuine Apple device running your unmodified app. You perform attestation once per key, then store the attestation object on your server.
import DeviceCheck
import CryptoKit
✓Make data-driven prioritization decisions faster
Stakeholder Communication
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
✓Save 3-5 hours/week on communication overhead
Implementation Guide
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Access to product documentation and roadmap tools (Jira, Notion, etc.)
- ›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
- ›Stakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
- 1Install product management skill
- 2Start with user story generation for known feature
- 3Progress to competitive analysis: research 2-3 competitors
- 4Use for roadmap prioritization: apply RICE/ICE scoring
- 5Draft stakeholder communications and refine based on feedback
- 6Build template library for recurring PM tasks
- 7Share effective prompts with product team
Common Pitfalls
- ⚠Not validating competitive research—verify facts before sharing
- ⚠Accepting user stories without involving engineering team
- ⚠Over-relying on frameworks without qualitative judgment
- ⚠Not customizing outputs to company culture and communication style
- ⚠Skipping stakeholder validation of generated requirements
Best Practices
✓ Do
- +Validate research and competitive analysis with real data
- +Collaborate with engineering when generating technical requirements
- +Customize frameworks and templates to your company context
- +Use skill for first drafts, refine with stakeholder input
- +Document successful prompt patterns for PM tasks
- +Combine AI efficiency with human judgment and intuition
✗ Don't
- −Don't publish competitive analysis without fact-checking
- −Don't finalize user stories without engineering review
- −Don't make prioritization decisions solely on AI scoring
- −Don't skip customer validation of generated requirements
- −Don't ignore company-specific context and culture
💡 Pro Tips
- ★Provide context: company goals, constraints, customer feedback
- ★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
- ★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
- ★Use skill for 70% generation + 30% customization to company needs
When to Use This
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
- 1Basic: user stories, feature specs, status updates
- 2Intermediate: competitive analysis, prioritization frameworks, PRDs
- 3Advanced: product strategy, go-to-market planning, OKR setting
- 4Expert: product vision, market positioning, business model innovation
Related Skills
grill-me
646mattpocock/skills
Productivitysame categorypremortem
213parcadei/continuous-claude-v3
Productivitysame categorydeslop
159cursor/plugins
Productivitysame categorytravel-planner
136ailabs-393/ai-labs-claude-skills
Productivitysame categoryframer-motion
131pproenca/dot-skills
Productivitysame categorywrite-a-prd
128mattpocock/skills
Productivitysame categoryReviews
4.6★★★★★54 reviews- IIsabella Lopez★★★★★Dec 28, 2024
device-integrity fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- MMin Abebe★★★★★Dec 24, 2024
device-integrity has been reliable in day-to-day use. Documentation quality is above average for community skills.
- AAmina Kim★★★★★Dec 20, 2024
I recommend device-integrity for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- KKaira Harris★★★★★Dec 4, 2024
Solid pick for teams standardizing on skills: device-integrity is focused, and the summary matches what you get after install.
- NNikhil Singh★★★★★Dec 4, 2024
Useful defaults in device-integrity — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- EEvelyn Iyer★★★★★Nov 23, 2024
We added device-integrity from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- SSakshi Patil★★★★★Nov 19, 2024
I recommend device-integrity for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- JJames Khanna★★★★★Nov 19, 2024
Useful defaults in device-integrity — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- JJin Flores★★★★★Nov 19, 2024
device-integrity has been reliable in day-to-day use. Documentation quality is above average for community skills.
- TTariq Park★★★★★Nov 15, 2024
device-integrity fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
showing 1-10 of 54
1 / 6Discussion
Comments — not star reviews- No comments yet — start the thread.