zustand-mobile-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the installation of 'zustand' via npm. This is a widely used and reputable open-source library for state management.
- [DATA_EXFILTRATION] (SAFE): No unauthorized data exfiltration patterns were detected. The authentication example demonstrates correct use of 'expo-secure-store' for handling sensitive session tokens locally on a mobile device.
- [COMMAND_EXECUTION] (SAFE): There are no instances of arbitrary command execution or dangerous shell scripts. The only command mentioned is a standard package installation.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution vulnerabilities were found. All code snippets are static examples for developer reference.
- [SAFE] (SAFE): The automated scanner alert for 'state.in' is confirmed as a false positive. The pattern 'state.in' occurs within standard JavaScript variable access, such as 'state.increment' or 'state.items', and does not represent a malicious network connection.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata