Auth0 Expo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Auth0 Expo setup helper, but users should review its token-handling examples before copying them into a real app.

Install only if you intend to configure Auth0 for an Expo app. Confirm the active Auth0 tenant and the script's change plan before applying changes, keep the project under version control, and do not copy examples that log access tokens or pass session transfer tokens in URL query parameters without safer server-side protections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation constructs a web URL containing a session transfer token in the query string. Tokens in URLs can be exposed through browser history, logs, analytics, referrer headers, screenshots, and intermediary infrastructure, making session hijack or replay more likely if the token is not strictly one-time and very short-lived.

VirusTotal

65/65 vendors flagged this skill as clean.
