Skills
skills/x-cmd/skill/react-native-dev/Gen Agent Trust Hub

react-native-dev

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file 'references/testing.md' contains an instruction to install the Maestro tool using the command 'curl -Ls "https://get.maestro.mobile.dev" | bash'. This practice executes unverified remote code directly in the user's shell, which is a significant security vulnerability as it bypasses integrity checks and package manager security features.
  • [EXTERNAL_DOWNLOADS]: The skill recommends downloading software from 'https://get.maestro.mobile.dev'. This URL has been flagged by automated scanners with a malicious reputation (Botnet detection). Recommending that users fetch and execute content from a flagged domain poses a critical threat.
  • [COMMAND_EXECUTION]: Multiple reference files ('SKILL.md', 'references/engineering.md') suggest the use of shell commands to initialize projects and install dependencies (e.g., 'npx create-expo-app', 'npx expo install'). While standard in mobile development, these commands involve the execution of third-party code that should be carefully vetted.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 10, 2026, 05:41 AM