
Cryptotokenkit
Review or implement Apple CryptoTokenKit smart-card token extensions on macOS without mixing iOS drivers, Sign in with Apple, or OAuth patterns.
Install
npx skills add https://github.com/dpearson2699/swift-ios-skills --skill cryptotokenkit
What is this skill?
- Corrects macOS smart-card login flows vs mistaken iOS TKTokenDriver-only targets
- Specifies TKSmartCardTokenDriver, TKSmartCardToken, and TKSmartCardTokenSession classes
- Info.plist nesting: com.apple.ctk.driver-class under NSExtension > NSExtensionAttributes, with NSExtensionPointIdentifier set to com.apple.ctk-tokens
- Registration via host app launched as _securityagent user at install time
- Warns against sharing PIN or auth state across TKTokenSession instances
Adoption & trust: 1.2k installs on skills.sh; 713 GitHub stars; 1/3 security scanners passed (skills.sh audits).
Journey fit
Primary fit
Smart-card and CTK extensions are built during platform integration work—canonical Build/integrations for Apple security hardware. CryptoTokenKit is a system extension integration with Keychain and loginwindow—not generic app UI or backend API work.
Common Questions / FAQ
Is Cryptotokenkit safe to install?
skills.sh reports 1 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Cryptotokenkit
{
  "skill_name": "cryptotokenkit",
  "evals": [
    {
      "id": 0,
      "prompt": "Review this macOS smart-card login extension plan: create an iOS token driver target with TKTokenDriver, put com.apple.ctk.driver-class at the top level of Info.plist, share one PIN-authenticated state across token sessions, and register it by launching the normal app as the current user.",
      "expected_output": "A correction-focused CryptoTokenKit review that keeps system smart-card authentication on macOS, uses the smart-card token extension classes and Info.plist nesting, registers through _securityagent, and preserves per-session authentication state.",
      "files": [],
      "expectations": [
        "States that the smart-card app extension flow for system login and keychain unlock is a macOS workflow, not an iOS token driver target.",
        "Uses TKSmartCardTokenDriver, TKSmartCardToken, and TKSmartCardTokenSession for smart-card token extensions.",
        "Places com.apple.ctk.driver-class under NSExtension > NSExtensionAttributes and uses NSExtensionPointIdentifier com.apple.ctk-tokens.",
        "Registers the extension by launching the host app as the _securityagent user during installation.",
        "Warns not to share PIN or authentication state across TKTokenSession instances.",
        "Does not drift into generic Sign in with Apple, passkey, or OAuth authentication guidance."
      ]
    },
    {
      "id": 1,
      "prompt": "I'm building an iOS 26 app that reads a contactless PIV smart card over NFC and wants to keep a token-backed keychain reference for later signing. What CryptoTokenKit APIs and availability checks should I use?",
      "expected_output": "An iOS 26 CryptoTokenKit plan that uses TKSmartCardSlotManager NFC sessions, TKSmartCard APDU communication, TKSmartCardTokenRegistrationManager, kSecAttrTokenID keychain queries, persistent-reference handling, and explicit availability/access guards.",
      "files": [],
      "expectations": [
        "States that createNFCSlot(message:completion:) and isNFCSupported() are iOS/iPadOS 26+ APIs.",
        "Guards TKSmartCardSlotManager.default and isNFCSupported() before creating an NFC smart-card slot.",
        "Uses the TKSmartCardSlotNFCSession slotName to obtain a TKSmartCardSlot and TKSmartCard for APDU communication.",
        "Ends the NFC session with TKSmartCardSlotNFCSession.end().",
        "Uses TKSmartCardTokenRegistrationManager for iOS 26+ smart-card registration instead of inventing custom persistence.",
        "Uses kSecAttrTokenID, TKTokenWatcher, and errSecItemNotFound handling for token-backed keychain references."
      ]
    },
    {
      "id": 2,
      "prompt": "I need to add hardware-token certificate auth, passkeys, Secure Enclave key generation, and certificate pinning to an iOS app. Which parts belong in CryptoTokenKit, and what should move to sibling skills?",
      "expected_output": "A boundary-aware routing answer that keeps CryptoTokenKit focused on token-backed smart-card/keychain workflows, routes passkeys and user-facing account auth to authentication, and routes Secure Enclave, CryptoKit, Keychain storage architecture, and certificate pinning to swift-security.",
      "files": [],
      "expectations": [
        "Keeps CryptoTokenKit focused on security tokens, smart cards, token sessions, token-backed keychain items, and certificate-based smart-card authentication.",
        "Routes passkeys/WebAuthn and user-facing account sign-in flows to the authentication skill.",
        "Routes Secure Enclave key generation, CryptoKit primitives, keychain storage architecture, and certificate pinning/trust policy to swift-security.",
        "Explains that token-backed keychain items are queried with kSecAttrTokenID when a token is present.",
        "Mentions that normal token presence/removal should be tracked with TKTokenWatcher.",
        "Does not broaden CryptoTokenKit into a general mobile security or account-authenticatio