react-modernization
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALSAFE
Full Analysis
- Metadata Poisoning (MEDIUM): The 'stars' (20,990) and 'forks' (2,347) metrics are disproportionately high for a framework-specific modernization utility from an individual developer ('wshobson'). This suggests the metadata may be falsified to exploit social proof and encourage users to install the skill under a false sense of security.
- Unverified Malicious URL (SAFE): An automated scanner alert identifies 'this.ca' as a blacklisted domain associated with this skill. However, a manual audit of the metadata.json file, including checks for obfuscated strings, homoglyphs, and Base64 encoded content, did not find any instances of this domain. It is possible the domain exists in the unprovided 'SKILL.md' file or the remote repository.
- No Executable Code (SAFE): The analyzed file is a metadata manifest and contains no executable scripts, commands, or remote code execution patterns. As a manifest, its primary risk is limited to metadata-based deception.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata