sentry-react-native-setup

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

All findings:

[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is a legitimate, focused guide to installing and configuring Sentry for React Native/Expo. Main security concerns are supply-chain risk from the recommended `npx @sentry/wizard@latest` (download-and-execute of remote package), the practice of storing auth tokens in project files (risk of accidental commit/exposure), and example configuration values that enable wide collection of PII/session replay and 100% sampling — these increase privacy and data-exfiltration risk if used indiscriminately. There is no evidence of malware or malicious redirection to third-party interceptor services. Recommend: pin the wizard version when possible, avoid committing credentials, use least-privilege tokens and conservative sampling/PII settings, and review the wizard's code before executing in high-security environments.

LLM verification: The document is legitimate setup documentation for Sentry in React Native/Expo. It does not contain hidden or obfuscated malicious code, nor does it itself exfiltrate data. The main security concerns are operational: (1) the unpinned npx wizard is a supply-chain risk and should be pinned/audited before execution, (2) example settings promote broad telemetry and PII collection and should default to privacy-preserving values and warn users, and (3) storing SENTRY_AUTH_TOKEN/DSN in local files or c

Confidence: 80%
Severity: 75%
Audit Metadata

Analyzed At: Mar 18, 2026, 04:50 PM

Package URL: pkg:socket/skills-sh/getsentry%2Fsentry-agent-skills%2Fsentry-react-native-setup%2F@007fba3f44b1e8dc43489251e303a096969aa2e5