How does it handle sensitive data like API keys and tokens?

The skill uses automated pattern matching to detect hardcoded secrets, including API keys, AWS credentials, Firebase tokens, and private keys across source code and configuration files.

Does this tool check native configuration files?

Yes, it audits native iOS Info.plist and AndroidManifest.xml files for insecure permissions, backup settings, and App Transport Security (ATS) misconfigurations.

When should I use this skill during development?

Use this skill during code reviews, before a production release, or when auditing legacy codebases to ensure compliance with mobile security best practices like OWASP MASVS.

What is the React Native Security Audit Claude Code skill?

It is a specialized capability for Claude Code designed to identify security vulnerabilities, sensitive data leaks (PII), and insecure implementation patterns in React Native applications across both JavaScript and native code layers.

Can it help fix insecure data storage issues?

It identifies unencrypted usage of AsyncStorage or Redux persistence and provides remediation guidance to use secure alternatives like React Native Keychain or EncryptedStorage.

React Native Security Audit

Name: React Native Security Audit
Author: johanruttens

byjohanruttens

0•

Security & Testing

Identifies security vulnerabilities, sensitive data leaks, and insecure implementation patterns in React Native applications across both JavaScript and native code layers.

Conducts comprehensive security assessments of React Native applications by scanning for hardcoded secrets, exposed personal data (PII), and insecure storage practices. This skill provides specialized guidance for validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices like the OWASP MASVS. It covers both the cross-platform JavaScript/TypeScript layer and native iOS/Android configurations, offering remediation strategies and automated scanning scripts to harden mobile applications against common threats.

Key Features

01Native configuration auditing for iOS Info.plist and AndroidManifest.xml security settings.

02Insecure storage analysis for AsyncStorage, Keychain, and Redux persistence configurations.

03Automated secret detection for API keys, tokens, and credentials across source code and config files.

04Network security review focusing on HTTPS enforcement, certificate pinning, and SSL verification.

05PII exposure scanning to identify leaked emails, phone numbers, and credit card patterns.

060 GitHub stars

Use Cases

01Reviewing third-party dependencies and native permissions for potential data privacy risks.

02Aligning React Native application codebases with OWASP Mobile Application Security Verification Standard (MASVS) requirements.

03Performing a pre-release security audit to ensure no sensitive credentials or debug logs are shipped to production.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add johanruttens/handla-shopping-list rn-security-audit

For use in Claude.ai and ChatGPT

Download Skill