Security Audit Skill
This skill focuses on making the application robust against common mobile security threats.
Instructions
- •Secret Scanning: Check for API keys, passwords, or tokens in the codebase.
- •Data Storage: Ensure sensitive data is stored in
expo-secure-storeand notAsyncStorage. - •Network: Verify that all API calls use HTTPS and that SSL pinning is considered for high-security apps.
- •Input Validation: Check for unsanitized inputs that could lead to XSS or injection.
- •Permissions: Review
app.jsonfor unnecessary permissions.
Tools to Simulate/Use
- •
bunx audit(for dependencies) - •Custom grep patterns for secrets (e.g.,
sk-,AIza,ghp_) - •Checking for
dangerouslySetInnerHTMLin web-related components.
See Mobile Security Checklist for a comprehensive list.