security-audit

Scans code for security vulnerabilities, hardcoded secrets, and unsafe patterns in React Native and Expo applications. Use before merging sensitive changes or as part of a regular audit.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "security-audit" with this command: npx skills add dtsvetkov1/agent-rules/dtsvetkov1-agent-rules-security-audit

Security Audit Skill

This skill focuses on making the application robust against common mobile security threats.

Instructions

  1. Secret Scanning: Check for API keys, passwords, or tokens in the codebase.
  2. Data Storage: Ensure sensitive data is stored in expo-secure-store and not AsyncStorage.
  3. Network: Verify that all API calls use HTTPS and that SSL pinning is considered for high-security apps.
  4. Input Validation: Check for unsanitized inputs that could lead to XSS or injection.
  5. Permissions: Review app.json for unnecessary permissions.

Tools to Simulate/Use

  • bunx audit (for dependencies)
  • Custom grep patterns for secrets (e.g., sk-, AIza, ghp_)
  • Checking for dangerouslySetInnerHTML in web-related components.

See Mobile Security Checklist for a comprehensive list.
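The following is an added example, not part of the upstream SKILL.md: a small Node.js scanner that turns instructions 1 to 4 and the grep prefixes above into line-based rules. The token lengths, the sensitive-key word list, the rule ids, and the sample input are assumptions constructed for illustration.

```javascript
// Added example: line-based audit rules for the checklist above.
// Token lengths and the sensitive-key word list are assumptions.
const RULES = [
  { id: 'secret-openai-style', re: /\bsk-[A-Za-z0-9_-]{20,}/ },
  { id: 'secret-google-api', re: /\bAIza[0-9A-Za-z_-]{35}/ },
  { id: 'secret-github-pat', re: /\bghp_[A-Za-z0-9]{36}/ },
  // Sensitive values written to unencrypted AsyncStorage instead of expo-secure-store.
  { id: 'asyncstorage-sensitive',
    re: /AsyncStorage\.setItem\(\s*['"`][^'"`]*(token|password|secret|session)/i },
  // Cleartext HTTP; local dev hosts (10.0.2.2 is the Android emulator's host alias) are skipped.
  { id: 'cleartext-http', re: /\bhttp:\/\/(?!localhost|127\.0\.0\.1|10\.0\.2\.2)/ },
  { id: 'dangerous-inner-html', re: /dangerouslySetInnerHTML/ },
];

// Never echo a full secret into audit output: keep the prefix and the length only.
function redact(s) {
  return s.slice(0, 4) + '...' + `[${s.length} chars]`;
}

// Returns one finding per (line, rule) hit: { file, line, rule, match }.
function auditSource(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { id, re } of RULES) {
      const m = re.exec(line);
      if (!m) continue;
      const match = id.startsWith('secret-') ? redact(m[0]) : m[0];
      findings.push({ file, line: i + 1, rule: id, match });
    }
  });
  return findings;
}

// Constructed sample input; the "keys" are filler characters, not real credentials.
const SAMPLE = [
  "const GITHUB = '" + 'ghp_' + 'A'.repeat(36) + "';",
  "const MAPS = '" + 'AIza' + 'B'.repeat(35) + "';",
  "await AsyncStorage.setItem('authToken', jwt);",
  "await SecureStore.setItemAsync('authToken', jwt);",
  "fetch('http://api.example.com/v1/profile');",
  "fetch('https://api.example.com/v1/profile');",
  "<div dangerouslySetInnerHTML={{ __html: bio }} />",
].join('\n');

console.table(auditSource('sample.tsx', SAMPLE));
```

Pattern rules like these produce false positives (XML namespace URLs under `cleartext-http`, for instance), so treat each finding as a prompt for manual review.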

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
