Oathe Security Badge

Is skills/react-best-practices safe?

https://github.com/vercel-labs/agent-skills/tree/main/skills/react-best-practices

96
SAFE

The vercel-react-best-practices skill is a legitimate, well-structured performance optimization guide for React and Next.js authored by Vercel Engineering. It consists entirely of Markdown documentation files with no executable content, no prompt injection patterns, and no data exfiltration mechanisms. Canary file accesses observed during monitoring are attributable to the audit harness infrastructure (timed before and after the skill install window) rather than the skill itself, and all canary files remained intact. The skill is safe to install.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Canary credential files opened during audit session -8

Honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were opened twice during monitoring: once at timestamp 1782567054 (5 seconds before the git clone began at 1782567059) and once at 1782567066 (after install completed). The pre-clone accesses are consistent with the audit harness establishing canary baselines via sudo. The post-install accesses are consistent with the harness performing final canary integrity verification. No WRITE syscalls or outbound data transfers were observed for these files. Canary integrity check confirmed all files intact.

INFO AGENTS.md contains external documentation URLs -3

The compiled AGENTS.md references external URLs (github.com/shuding/better-all, vercel.com/blog/..., nextjs.org/docs/..., react.dev/...) as documentation citations within rule explanations. These are presented as reference links in prose, not as directives instructing an agent to fetch content. The risk is negligible, but an agent with aggressive web-browsing behavior might follow these links unprompted.

INFO No executable content present — documentation-only skill 0

The skill consists entirely of Markdown files. No package.json scripts, git hooks, shell scripts, or executable code of any kind was found. This is a fully passive documentation skill.