clerk-expo-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements session token persistence using
expo-secure-store, which provides encrypted storage on device keychains, preventing unauthorized access to tokens compared to unencrypted alternatives. - [SAFE]: Instructions correctly identify the use of public publishable keys via the
EXPO_PUBLIC_prefix and explicitly warn against misconfiguring environment variables that could lead to security issues in production builds. - [SAFE]: The push notification reference includes proactive security guidance, distinguishing between client-writable
unsafeMetadataand server-protectedpublicMetadatato prevent unauthorized data tampering. - [SAFE]: Network interactions are limited to well-known service endpoints (Expo's push API) and official Clerk domains, conforming to standard operational requirements for authentication and notification services.
Audit Metadata