
Audit history

react-native-best-practices - 2 audits

Audit version 2

Latest: Medium risk

Jun 28, 2026, 08:10 PM

This is a documentation-only React Native performance skill. Static analysis mostly matched Markdown fences, shell examples, and performance terminology, not executable skill code. Publication is acceptable with warnings for pipe-to-shell installation guidance and remote chunk loading examples.

Files scanned: 29
Lines analyzed: 6,499
Findings: 11
Auditor: codex
Medium-risk issues (2)
Pipe-To-Shell Installer Guidance
The skill recommends installing Flashlight with a curl-to-bash command. This is not malicious, but it executes downloaded code without inspection and should be shown as a warning.
Remote Chunk Loading Requires Trust Controls
The code splitting guide shows production chunks loaded from a CDN and module federation examples. This is legitimate Re.Pack usage, but users need integrity and release controls.
Low-risk issues (4)
Markdown Shell Examples Flagged As Execution
Most external command alerts are Markdown code fences that document normal React Native, Expo, Android, and iOS tooling. They are not executable skill logic.
Keylogger Keyword False Positive
The critical keylogger alerts come from the word keystroke in a UI latency example. The content discusses blocked typing, not logging user input.
Weak Crypto Alerts Are Performance Guidance
The crypto-related alerts are documentation about replacing slow JavaScript crypto packages with native implementations. No weak algorithm or credential handling was found.
Environment And Filesystem Access Are Configuration Examples
Environment and filesystem alerts are examples for build flags, cold-start detection, cache paths, mmap explanation, and local dependency inspection. No secret exfiltration was found.

Detected patterns

Pipe-To-Shell Command Pattern
Runtime Code Loading From Remote Locations
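Both medium-risk findings in this audit come down to the same missing control: an artifact (an installer script, a production chunk) is fetched from a remote location and used without anything checking that it is the artifact the author intended to ship. The following POSIX shell script is an added example, not code from the skill, from Flashlight, from Re.Pack, or from either audit. It shows the pattern a reviewer would want next to a `curl | bash` line and next to a CDN chunk-loading example: download to disk, pin a SHA-256, verify, and only then use the file. The file names, the manifest layout (one `<sha256>  <name>` line per chunk, as `sha256sum` emits) and the idea of shipping that manifest with the app release are assumptions made for the example.

```shell
#!/usr/bin/env sh
# Added example, not from the skill or from either audit: the control both
# medium-risk findings ask for is "pin a hash and verify the artifact before
# using it". Installer and chunk names below are hypothetical placeholders.
set -eu

# Portable SHA-256 of a file: sha256sum on Linux, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# run_verified_installer FILE EXPECTED: the replacement for `curl ... | bash`.
# The script is downloaded to disk first (e.g. `curl -fsSLo FILE URL`), so it
# can be read before it runs, and it is executed only if it matches the hash
# pinned in the documentation or in the release notes.
run_verified_installer() {
  file=$1
  expected=$2
  if ! verify_sha256 "$file" "$expected"; then
    echo "refusing to run $file: SHA-256 does not match pinned value" >&2
    return 1
  fi
  sh "$file"
}

# verify_chunk MANIFEST CHUNK_FILE NAME: release control for remotely loaded
# chunks. MANIFEST has one "<sha256>  <chunk name>" line per chunk, produced at
# release time (for example `sha256sum *.chunk.bundle > manifest.sha256`) and
# shipped with the app build. A chunk that is missing from the manifest, or
# whose hash differs from the one recorded at release, is rejected before use.
verify_chunk() {
  manifest=$1
  chunk=$2
  name=$3
  expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
  if [ -z "$expected" ]; then
    echo "chunk $name is not listed in the release manifest" >&2
    return 1
  fi
  if ! verify_sha256 "$chunk" "$expected"; then
    echo "chunk $name does not match the release manifest" >&2
    return 1
  fi
}

# Usage (placeholders, not real URLs or hashes):
#   curl -fsSLo ./install.sh "$INSTALLER_URL"
#   run_verified_installer ./install.sh "$PINNED_SHA256"
#   verify_chunk ./manifest.sha256 ./downloaded.chunk.bundle main.chunk.bundle
```

The installer half turns an opaque pipe into two reviewable steps, and the chunk half turns "trust whatever the CDN returns" into "trust only what was hashed at release time"; the manifest itself then becomes the thing to protect, which is exactly the release-control question the second finding raises.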

Audit version 1

Low risk

Jan 23, 2026, 08:08 AM

Documentation-only skill containing React Native optimization guidelines. Static analyzer flagged shell command examples in markdown code blocks as 'external_commands', but these are documentation patterns, not executable code. All 1101 detections are false positives - the skill only provides guidance and reference materials without executing any code.

Files scanned: 29
Lines analyzed: 6,499
Findings: 5
Auditor: claude
No security issues were found.