Capsec scans your Capacitor or Ionic app for 63+ security issues across secrets, storage, network config, and platform-specific vulnerabilities. Run npx capsec scan with zero setup, and it flags everything from hardcoded API keys to disabled certificate pinning to Android debug mode left on in production. The HTML reports are clean, the CI mode exits dirty on critical finds, and the fixes are concrete (swap Preferences for NativeBiometric, lock down AndroidManifest cleartext settings). It's basically a linter for the OWASP Mobile Top 10, tuned specifically for Capacitor's quirks. If you're shipping a mobile app that touches real user data, run this before your security team does.
npx skills add https://github.com/cap-go/capacitor-skills --skill capacitor-security
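To make the AndroidManifest and Capacitor config checks described above concrete, here is an added example (not Capsec's code or rule set) that flags cleartext and debug settings and derives a CI-style exit status. The rule ids, severities and sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration, not Capsec's implementation. Rule ids and severities are made up.
// Constructed samples: a weak configuration and its corrected counterpart.
const weakManifest = `<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:debuggable="true"
               android:usesCleartextTraffic="true"></application>
</manifest>`;
const fixedManifest = weakManifest.replace(/="true"/g, '="false"');
const weakConfig = {
  appId: "com.example.app",
  server: { cleartext: true },
  android: { allowMixedContent: true, webContentsDebuggingEnabled: true },
};
const fixedConfig = { appId: "com.example.app", server: {}, android: {} };

// Value of an android:* attribute on the <application> tag, or null when unset.
function appAttr(manifestXml, name) {
  const tag = /<application\b[^>]*>/.exec(manifestXml);
  if (!tag) return null;
  const m = new RegExp(`android:${name}\\s*=\\s*"([^"]*)"`).exec(tag[0]);
  return m ? m[1] : null;
}

function auditManifest(manifestXml) {
  const findings = [];
  if (appAttr(manifestXml, "debuggable") === "true")
    findings.push({ id: "EX-MANIFEST-DEBUGGABLE", severity: "critical" });
  if (appAttr(manifestXml, "usesCleartextTraffic") === "true")
    findings.push({ id: "EX-MANIFEST-CLEARTEXT", severity: "high" });
  return findings;
}

function auditCapacitorConfig(cfg) {
  const server = cfg.server || {};
  const android = cfg.android || {};
  const findings = [];
  if (server.cleartext === true)
    findings.push({ id: "EX-CONFIG-CLEARTEXT", severity: "high" });
  if (android.allowMixedContent === true)
    findings.push({ id: "EX-CONFIG-MIXED-CONTENT", severity: "high" });
  if (android.webContentsDebuggingEnabled === true)
    findings.push({ id: "EX-CONFIG-WEBVIEW-DEBUG", severity: "critical" });
  return findings;
}

// CI-style gate: non-zero exit status when any critical finding is present.
const exitCode = (findings) => (findings.some((f) => f.severity === "critical") ? 1 : 0);

const all = [...auditManifest(weakManifest), ...auditCapacitorConfig(weakConfig)];
console.log(all.map((f) => `${f.severity}: ${f.id}`).join("\n"), "\nexit", exitCode(all));
```

The regex-based attribute lookup is enough for this sample; a manifest produced by a real build is better read with an XML parser.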