React Router Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only React Router code review checklist with no executable install steps, persistence, credential use, or hidden data handling.

Safe to install for React Router code review. Before relying on the verification gate, make sure any separately installed review-verification-protocol skill referenced by this package is also trustworthy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: - **Empty errorElement at route level** - Route may intentionally rely on parent error boundary - **Form without action prop** - Posts to current URL by convention; explicit action is optional - **loader returning null** - Valid when data may not exist; null is a legitimate loader return value - **Using fetcher.data without checking fetcher.state** - May be intentional when stale data is acceptable during revalidation ## Context-Sensitive Rules
Confidence: 75% confidence
Finding: without checking

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal