dtsvetkov1

security-audit

Scans code for security vulnerabilities, hardcoded secrets, and unsafe patterns in React Native and Expo applications. Use before merging sensitive changes or as part of a regular audit.

dtsvetkov1 0 Updated 5mo ago

Resources

1
GitHub

Install

npx skillscat add dtsvetkov1/agent-rules/security-audit

Install via the SkillsCat registry.

SKILL.md

Security Audit Skill

This skill focuses on making the application robust against common mobile security threats.

Instructions

  1. Secret Scanning: Check for API keys, passwords, or tokens in the codebase.
  2. Data Storage: Ensure sensitive data is stored in expo-secure-store and not AsyncStorage.
  3. Network: Verify that all API calls use HTTPS and that SSL pinning is considered for high-security apps.
  4. Input Validation: Check for unsanitized inputs that could lead to XSS or injection.
  5. Permissions: Review app.json for unnecessary permissions.

Tools to Simulate/Use

  • bunx audit (for dependencies)
  • Custom grep patterns for secrets (e.g., sk-, AIza, ghp_)
  • Checking for dangerouslySetInnerHTML in web-related components.

See Mobile Security Checklist for a comprehensive list.

Categories

Code Review Processing Security
GitHub

Install

npx skillscat add dtsvetkov1/agent-rules/security-audit

Install via the SkillsCat registry.

Recommended Skills

ljagiello
ctf-forensics by ljagiello
2.2K 1mo ago
mukul975
analyzing-heap-spray-exploitation by mukul975
12.3K 1mo ago
mukul975
analyzing-network-packets-with-scapy by mukul975
12.3K 1mo ago
mukul975
analyzing-active-directory-acl-abuse by mukul975
12.3K 1mo ago
mukul975
analyzing-kubernetes-audit-logs by mukul975
12.2K 1mo ago
mukul975
analyzing-outlook-pst-for-email-forensics by mukul975
12.2K 1mo ago