React Native Update (Pushy) Integration
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup may install or update dependencies on your machine and in your app project.
The setup relies on external package-manager and native dependency commands, including a global npm CLI install. This is expected for React Native integration, but users should understand these commands fetch and install third-party code.
`npm i -g react-native-update-cli`; `npm i react-native-update`; `cd ios && pod install`; `npx expo prebuild`
Run these commands intentionally, preferably in a clean working tree, and review package sources, lockfile changes, and generated native files before committing.
The diagnostic script will inspect files in the selected React Native project and print integration status.
The helper is a shell script that runs local node and grep commands inside the selected app root. Its observed behavior is diagnostic and read-only, but it is still local command execution.
APP_ROOT="${1:-$(pwd)}"
cd "$APP_ROOT"
...
if node -e "const p=require('./package.json'); ..."
...
if grep -R --line-number --include='package.json' 'expo-updates' .Review the script before running it and pass the intended app root path explicitly if your workspace contains multiple projects.
If misconfigured, app users could receive or apply updates in a way that is hard to notice or recover from.
The skill helps configure release-build hot updates, including silent update strategies. This is central to the stated purpose, but a bad update strategy or rollout can affect many installed app clients.
`updateStrategy`: `alwaysAlert` / `alertUpdateAndIgnoreError` / `silentAndNow` / `silentAndLater` / `null`
Use staged rollout, keep server-side rollout rules authoritative, test rollback behavior, and avoid silent strategies unless they match your release policy.