Skip to main content

native-data-fetching

Facilitates efficient data fetching and API integration in React applications, enhancing network request handling and error management.

Install this skill

or
22/100

Security score

The native-data-fetching skill was audited on Feb 24, 2026 and we found 26 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 46

Template literal with variable interpolation in command context

SourceSKILL.md
46const response = await fetch(`https://api.example.com/users/${userId}`);
medium line 49

Template literal with variable interpolation in command context

SourceSKILL.md
49throw new Error(`HTTP error! status: ${response.status}`);
medium line 64

Template literal with variable interpolation in command context

SourceSKILL.md
64Authorization: `Bearer ${token}`,
medium line 231

Template literal with variable interpolation in command context

SourceSKILL.md
231Authorization: token ? `Bearer ${token}` : "",
medium line 317

Template literal with variable interpolation in command context

SourceSKILL.md
317const response = await fetch(`${API_URL}/users`);
medium line 344

Template literal with variable interpolation in command context

SourceSKILL.md
344const response = await fetch(`${BASE_URL}${path}`);
medium line 345

Template literal with variable interpolation in command context

SourceSKILL.md
345if (!response.ok) throw new Error(`HTTP ${response.status}`);
medium line 350

Template literal with variable interpolation in command context

SourceSKILL.md
350const response = await fetch(`${BASE_URL}${path}`, {
medium line 355

Template literal with variable interpolation in command context

SourceSKILL.md
355if (!response.ok) throw new Error(`HTTP ${response.status}`);
medium line 467

Template literal with variable interpolation in command context

SourceSKILL.md
467if (!response.ok) throw new Error(`HTTP ${response.status}`);
low line 60

Fetch to external URL

SourceSKILL.md
60const response = await fetch("https://api.example.com/users", {
low line 309

Access to .env file

SourceSKILL.md
309// .env
low line 314

Access to .env file

SourceSKILL.md
314const API_URL = process.env.EXPO_PUBLIC_API_URL;
low line 325

Access to .env file

SourceSKILL.md
325// .env.development
low line 328

Access to .env file

SourceSKILL.md
328// .env.production
low line 336

Access to .env file

SourceSKILL.md
336const BASE_URL = process.env.EXPO_PUBLIC_API_URL;
medium line 366

Access to .env file

SourceSKILL.md
366- Restart the dev server after changing `.env` files
low line 445

Access to .env file

SourceSKILL.md
445| |-- Client-side URLs -> EXPO_PUBLIC_ prefix in .env
low line 447

Access to .env file

SourceSKILL.md
447| \-- Multiple environments -> .env.development, .env.production
medium line 501

Access to .env file

SourceSKILL.md
501-> Use EXPO*PUBLIC* env vars with .env.development and .env.production files
medium line 504

Access to .env file

SourceSKILL.md
504-> Client-safe keys: EXPO*PUBLIC* in .env. Secret keys: non-prefixed env vars in API routes only
low line 46

External URL reference

SourceSKILL.md
46const response = await fetch(`https://api.example.com/users/${userId}`);
low line 60

External URL reference

SourceSKILL.md
60const response = await fetch("https://api.example.com/users", {
low line 310

External URL reference

SourceSKILL.md
310EXPO_PUBLIC_API_URL=https://api.example.com
low line 326

External URL reference

SourceSKILL.md
326EXPO_PUBLIC_API_URL=http://localhost:3000
low line 329

External URL reference

SourceSKILL.md
329EXPO_PUBLIC_API_URL=https://api.production.com
Scanned on Feb 24, 2026
View Security Dashboard

Install this skill with one command

/learn @expo/native-data-fetching
GitHub Stars 1.4K
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawapibackendfrontend-developerproduct-managergrowth-pmdevelopmentproduct
expo-app-designexpo/skills