react-doctor
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the npx command to download the react-doctor package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The skill executes the react-doctor package immediately after downloading it using the npx -y flag, which bypasses the confirmation prompt. It uses the @latest tag, which ensures the most recent version is run but may introduce unverified changes at runtime.
- [COMMAND_EXECUTION]: The skill invokes a shell command to run the external tool on the local project directory using the provided project root path.
Audit Metadata