mobile-dev-server-sandbox

This skill file documents a local development sandbox workflow and appears internally consistent with that purpose. There are no signs of supply-chain download-execute patterns, credential harvesting, or exfiltration to third-party domains in the provided text. The primary security concern is operational: running the sandbox without auth and binding to 0.0.0.0 can expose the environment on the LAN; users should avoid that on untrusted networks and use firewall or host-only bindings. Review of the referenced scripts (dev-server-sandbox.ts, mobile-cors-proxy.ts, orpc/server.ts) is recommended for full assurance, but based on this manifest alone the risk is low to moderate and primarily configuration-based.