Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

JubaKitiashvili/security-review

Name: security-review
Author: JubaKitiashvili

.claude/skills/security-review/SKILL.md

npx skillsauth add JubaKitiashvili/everything-react-native-expo security-review

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Review

You are performing a security audit on a React Native application. This skill provides a systematic security checklist specific to mobile apps.

When to Use This Skill

Invoke when:

Before deploying to production
After adding authentication or payment features
During code review of sensitive features
Periodically as a security health check

Audit Categories

1. Data Storage Security

[ ] Sensitive data uses expo-secure-store (Expo) or Keychain/Keystore (bare)
[ ] No sensitive data in AsyncStorage (it's unencrypted)
[ ] No secrets in source code or environment files committed to git
[ ] .env is in .gitignore
[ ] API keys use EAS Secrets for builds (not hardcoded)

2. Network Security

[ ] All API calls use HTTPS
[ ] Certificate pinning implemented for sensitive endpoints
[ ] Auth tokens stored securely, not in plain AsyncStorage
[ ] Token refresh logic handles expiration correctly
[ ] No sensitive data in URL query parameters

3. Authentication & Authorization

[ ] Passwords never stored locally
[ ] Biometric auth uses platform APIs (FaceID, fingerprint)
[ ] Session tokens have reasonable expiry
[ ] Logout clears all sensitive cached data
[ ] Deep links validate auth state before navigating

4. Code Security

[ ] No eval() or dynamic code execution
[ ] WebView javaScriptEnabled only when necessary
[ ] Input validation on all user inputs
[ ] SQL injection prevention (parameterized queries)
[ ] No debug logging of sensitive data

5. Build Security

[ ] ProGuard/R8 enabled for Android release builds
[ ] iOS binary stripped in release
[ ] Source maps not included in production bundles
[ ] App Transport Security (ATS) properly configured (iOS)
[ ] Android networkSecurityConfig restricts cleartext traffic

6. Platform-Specific

iOS:

[ ] Privacy Manifest (iOS 17+) includes required reasons
[ ] Keychain access group properly configured
[ ] No private API usage
[ ] Background fetch/processing doesn't leak data

Android:

[ ] Exported components require permissions
[ ] Content providers are not unnecessarily exported
[ ] Backup rules exclude sensitive data (android:allowBackup="false")
[ ] Minimum SDK version is current (API 24+)

7. Third-Party Dependencies

[ ] No known vulnerabilities (npm audit)
[ ] Dependencies are up to date
[ ] No abandoned packages with known issues
[ ] Native dependencies reviewed for permissions

Output

## Security Audit Report

### Risk Level: LOW / MEDIUM / HIGH / CRITICAL

### Findings
[Severity] [Category] — [Description]
  Location: [file:line]
  Recommendation: [fix]

### Summary
- Critical: N
- High: N
- Medium: N
- Low: N
- Passed: N checks

JubaKitiashvili/security-review

.claude/skills/security-review/SKILL.md

Mobile security audit for React Native applications

31 stars

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add JubaKitiashvili/everything-react-native-expo security-review

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 8:56 PM1.8s1 file scanned

SKILL.md

name:: security-review
description:: Mobile security audit for React Native applications

Security Review

You are performing a security audit on a React Native application. This skill provides a systematic security checklist specific to mobile apps.

When to Use This Skill

Invoke when:

Before deploying to production
After adding authentication or payment features
During code review of sensitive features
Periodically as a security health check

Audit Categories

1. Data Storage Security

[ ] Sensitive data uses expo-secure-store (Expo) or Keychain/Keystore (bare)
[ ] No sensitive data in AsyncStorage (it's unencrypted)
[ ] No secrets in source code or environment files committed to git
[ ] .env is in .gitignore
[ ] API keys use EAS Secrets for builds (not hardcoded)

2. Network Security

[ ] All API calls use HTTPS
[ ] Certificate pinning implemented for sensitive endpoints
[ ] Auth tokens stored securely, not in plain AsyncStorage
[ ] Token refresh logic handles expiration correctly
[ ] No sensitive data in URL query parameters

3. Authentication & Authorization

[ ] Passwords never stored locally
[ ] Biometric auth uses platform APIs (FaceID, fingerprint)
[ ] Session tokens have reasonable expiry
[ ] Logout clears all sensitive cached data
[ ] Deep links validate auth state before navigating

4. Code Security

[ ] No eval() or dynamic code execution
[ ] WebView javaScriptEnabled only when necessary
[ ] Input validation on all user inputs
[ ] SQL injection prevention (parameterized queries)
[ ] No debug logging of sensitive data

5. Build Security

[ ] ProGuard/R8 enabled for Android release builds
[ ] iOS binary stripped in release
[ ] Source maps not included in production bundles
[ ] App Transport Security (ATS) properly configured (iOS)
[ ] Android networkSecurityConfig restricts cleartext traffic

6. Platform-Specific

iOS:

[ ] Privacy Manifest (iOS 17+) includes required reasons
[ ] Keychain access group properly configured
[ ] No private API usage
[ ] Background fetch/processing doesn't leak data

Android:

[ ] Exported components require permissions
[ ] Content providers are not unnecessarily exported
[ ] Backup rules exclude sensitive data (android:allowBackup="false")
[ ] Minimum SDK version is current (API 24+)

7. Third-Party Dependencies

[ ] No known vulnerabilities (npm audit)
[ ] Dependencies are up to date
[ ] No abandoned packages with known issues
[ ] Native dependencies reviewed for permissions

Output

## Security Audit Report

### Risk Level: LOW / MEDIUM / HIGH / CRITICAL

### Findings
[Severity] [Category] — [Description]
  Location: [file:line]
  Recommendation: [fix]

### Summary
- Critical: N
- High: N
- Medium: N
- Low: N
- Passed: N checks

Related Skills

JubaKitiashvili/upgrade-workflow

development

VerifiedTrustedCommunity

Guided version migration for React Native and Expo SDK upgrades

31SKILL.mdUpdated Apr 16, 2026

JubaKitiashvili/upgrade-workflow

JubaKitiashvili/tdd-workflow

development

VerifiedTrustedCommunity

Test-driven development workflow for React Native — Jest, React Native Testing Library, and Detox

31SKILL.mdUpdated Apr 16, 2026

JubaKitiashvili/tdd-workflow