rnrepo
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for modifying
android/build.gradleandios/Podfileto include shell execution logic. These scripts usenodeto resolve the file paths of installed NPM packages (e.g.,require.resolve('@rnrepo/build-tools/package.json')). This is a standard pattern in React Native development to locate native modules and build tools within thenode_modulesdirectory. - [EXTERNAL_DOWNLOADS]: The skill configures the development environment to download pre-built binary artifacts (AARs for Android, xcframeworks for iOS) from the vendor's repository at
packages.rnrepo.org. This is the core functionality of the tool and uses a domain associated with the skill's author. Additionally, it provides a command to download and import a GPG public key fromkeys.openpgp.orgfor artifact signature verification, which is a security best practice for enterprise environments.
Audit Metadata