Oathe Security Badge

Is .experimental/react-testing-library safe?

https://github.com/pproenca/dot-skills/tree/master/skills/.experimental/react-testing-library

89
SAFE

This React Testing Library skill appears to be legitimate educational content providing comprehensive best practices for React component testing. While monitoring detected some sensitive file access during installation, no data was exfiltrated and the skill itself contains only documentation with no executable code.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

MEDIUM Sensitive File Access During Installation -25

The monitoring system detected access to sensitive files including .env, SSH keys, AWS credentials, npm config, Docker config, and GCloud credentials during the installation period. While the canary integrity check confirms no data was exfiltrated or modified, the access to these files raises a security concern.

LOW Extensive External Documentation References -5

The skill contains numerous references to external documentation and resources. While these appear legitimate (Testing Library docs, Kent C. Dodds blog posts), extensive external references could potentially be misused in future updates or by attackers who compromise the referenced domains.

LOW Canary File Access Without Modification -10

Honeypot files were accessed during the monitoring period, but they were not modified and their contents were not exfiltrated. This could indicate system-level processes rather than malicious activity from the skill itself.