native-data-fetching

Facilitates implementation and debugging of network requests and API calls, covering error handling and caching strategies.

22/100

Security score

The native-data-fetching skill was audited on Mar 3, 2026 and we found 26 security issues across 4 threat categories. Review the findings below before installing.

Security Issues

medium line 36

Template literal with variable interpolation in command context

Source: SKILL.md
36  const response = await fetch(`https://api.example.com/users/${userId}`);
medium line 39

Template literal with variable interpolation in command context

Source: SKILL.md
39  throw new Error(`HTTP error! status: ${response.status}`);
medium line 54

Template literal with variable interpolation in command context

Source: SKILL.md
54  Authorization: `Bearer ${token}`,
medium line 221

Template literal with variable interpolation in command context

Source: SKILL.md
221  Authorization: token ? `Bearer ${token}` : "",
medium line 307

Template literal with variable interpolation in command context

Source: SKILL.md
307  const response = await fetch(`${API_URL}/users`);
medium line 334

Template literal with variable interpolation in command context

Source: SKILL.md
334  const response = await fetch(`${BASE_URL}${path}`);
medium line 335

Template literal with variable interpolation in command context

Source: SKILL.md
335  if (!response.ok) throw new Error(`HTTP ${response.status}`);
medium line 340

Template literal with variable interpolation in command context

Source: SKILL.md
340  const response = await fetch(`${BASE_URL}${path}`, {
medium line 345

Template literal with variable interpolation in command context

Source: SKILL.md
345  if (!response.ok) throw new Error(`HTTP ${response.status}`);
medium line 454

Template literal with variable interpolation in command context

Source: SKILL.md
454  if (!response.ok) throw new Error(`HTTP ${response.status}`);
low line 50

Fetch to external URL

Source: SKILL.md
50  const response = await fetch("https://api.example.com/users", {
low line 299

Access to .env file

Source: SKILL.md
299  // .env
low line 304

Access to .env file

Source: SKILL.md
304  const API_URL = process.env.EXPO_PUBLIC_API_URL;
low line 315

Access to .env file

Source: SKILL.md
315  // .env.development
low line 318

Access to .env file

Source: SKILL.md
318  // .env.production
low line 326

Access to .env file

Source: SKILL.md
326  const BASE_URL = process.env.EXPO_PUBLIC_API_URL;
medium line 356

Access to .env file

Source: SKILL.md
356  - Restart the dev server after changing `.env` files
low line 432

Access to .env file

Source: SKILL.md
432  | |-- Client-side URLs -> EXPO_PUBLIC_ prefix in .env
low line 434

Access to .env file

Source: SKILL.md
434  | \-- Multiple environments -> .env.development, .env.production
medium line 488

Access to .env file

Source: SKILL.md
488  -> Use EXPO_PUBLIC_ env vars with .env.development and .env.production files
medium line 491

Access to .env file

Source: SKILL.md
491  -> Client-safe keys: EXPO_PUBLIC_ in .env. Secret keys: non-prefixed env vars in API routes only
low line 36

External URL reference

Source: SKILL.md
36  const response = await fetch(`https://api.example.com/users/${userId}`);
low line 50

External URL reference

Source: SKILL.md
50  const response = await fetch("https://api.example.com/users", {
low line 300

External URL reference

Source: SKILL.md
300  EXPO_PUBLIC_API_URL=https://api.example.com
low line 316

External URL reference

Source: SKILL.md
316  EXPO_PUBLIC_API_URL=http://localhost:3000
low line 319

External URL reference

Source: SKILL.md
319  EXPO_PUBLIC_API_URL=https://api.production.com
Scanned on Mar 3, 2026