How does it handle sensitive data like API keys and tokens?

The skill uses automated pattern matching to detect hardcoded secrets, including API keys, AWS credentials, Firebase tokens, and private keys across source code and configuration files.

Does this tool check native configuration files?

Yes, it audits native iOS Info.plist and AndroidManifest.xml files for insecure permissions, backup settings, and App Transport Security (ATS) misconfigurations.

When should I use this skill during development?

Use this skill during code reviews, before a production release, or when auditing legacy codebases to ensure compliance with mobile security best practices like OWASP MASVS.

What is the React Native Security Audit Claude Code skill?

It is a specialized capability for Claude Code designed to identify security vulnerabilities, sensitive data leaks (PII), and insecure implementation patterns in React Native applications across both JavaScript and native code layers.

Can it help fix insecure data storage issues?

It identifies unencrypted usage of AsyncStorage or Redux persistence and provides remediation guidance to use secure alternatives like React Native Keychain or EncryptedStorage.

React Native Security Audit

Name: React Native Security Audit
Author: johanruttens

byjohanruttens

Seguridad y Pruebas

Identifies security vulnerabilities, sensitive data leaks, and insecure implementation patterns in React Native applications across both JavaScript and native code layers.

Acerca de

Conducts comprehensive security assessments of React Native applications by scanning for hardcoded secrets, exposed personal data (PII), and insecure storage practices. This skill provides specialized guidance for validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices like the OWASP MASVS. It covers both the cross-platform JavaScript/TypeScript layer and native iOS/Android configurations, offering remediation strategies and automated scanning scripts to harden mobile applications against common threats.

Características Principales

Native configuration auditing for iOS Info.plist and AndroidManifest.xml security settings.
Insecure storage analysis for AsyncStorage, Keychain, and Redux persistence configurations.
Automated secret detection for API keys, tokens, and credentials across source code and config files.
Network security review focusing on HTTPS enforcement, certificate pinning, and SSL verification.
PII exposure scanning to identify leaked emails, phone numbers, and credit card patterns.
0 GitHub stars

Casos de Uso

Reviewing third-party dependencies and native permissions for potential data privacy risks.
Aligning React Native application codebases with OWASP Mobile Application Security Verification Standard (MASVS) requirements.
Performing a pre-release security audit to ensure no sensitive credentials or debug logs are shipped to production.

Acerca de

Características Principales

Native configuration auditing for iOS Info.plist and AndroidManifest.xml security settings.
Insecure storage analysis for AsyncStorage, Keychain, and Redux persistence configurations.
Automated secret detection for API keys, tokens, and credentials across source code and config files.
Network security review focusing on HTTPS enforcement, certificate pinning, and SSL verification.
PII exposure scanning to identify leaked emails, phone numbers, and credit card patterns.
0 GitHub stars

Casos de Uso

Reviewing third-party dependencies and native permissions for potential data privacy risks.
Aligning React Native application codebases with OWASP Mobile Application Security Verification Standard (MASVS) requirements.
Performing a pre-release security audit to ensure no sensitive credentials or debug logs are shipped to production.