C
SCORE 55 / 100
$skillox install vueuse-functionsSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.
Why grade C?
score · 55 / 100The current grade reflects 11 medium findings (6+ MEDs → C).
0 CRIT0 HIGH11 MED0 LOW
To reach a higher grade
- BReach Btarget score 75
Resolve 6 of 11 MED (cap is 5).
- AReach Atarget score 95
Resolve 9 of 11 MED (cap is 2).
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Latest scan findings
Scan crawl-eu4ksawgacwjk3qh2oypzs9a · Thu, 28 May 2026 17:41:56 GMT · 3ms
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestmedLink text shows "document.visibilitystate" but points at developer.mozilla.orgThe visible link text contains the domain `document.visibilitystate`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "document.visibilitystate" but points at developer.mozilla.org
The visible link text contains the domain `document.visibilitystate`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
56|----------|-------------|------------|
57| [`useActiveElement`](references/useActiveElement.md) | Reactive `document.activeElement` | AUTO |
58| [`useDocumentVisibility`](references/useDocumentVisibility.md) | Reactively track [`document.visibilityState`](https://developer.mozilla.org/en-US/docs/Web/API/Document/visibilityState) | AUTO |← text→document.visibilitystate · href→developer.mozilla.org
59| [`useDraggable`](references/useDraggable.md) | Make elements draggable | AUTO |
60| [`useDropZone`](references/useDropZone.md) | Create a zone where files can be dropped | AUTO |
medLink text shows "window.devicepixelratio" but points at developer.mozilla.orgThe visible link text contains the domain `window.devicepixelratio`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "window.devicepixelratio" but points at developer.mozilla.org
The visible link text contains the domain `window.devicepixelratio`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
132| [`useDeviceMotion`](references/useDeviceMotion.md) | Reactive [DeviceMotionEvent](https://developer.mozilla.org/en-US/docs/Web/API/DeviceMotionEvent) | AUTO |
133| [`useDeviceOrientation`](references/useDeviceOrientation.md) | Reactive [DeviceOrientationEvent](https://developer.mozilla.org/en-US/docs/Web/API/DeviceOrientationEvent) | AUTO |
134| [`useDevicePixelRatio`](references/useDevicePixelRatio.md) | Reactively track [`window.devicePixelRatio`](https://developer.mozilla.org/docs/Web/API/Window/devicePixelRatio) | AUTO |← text→window.devicepixelratio · href→developer.mozilla.org
135| [`useDevicesList`](references/useDevicesList.md) | Reactive [enumerateDevices](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices) listing available input/output devices | AUTO |
136| [`useDisplayMedia`](references/useDisplayMedia.md) | Reactive [`mediaDevices.getDisplayMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getDisplayMedia) streaming | AUTO |
medLink text shows "mediadevices.getdisplaymedia" but points at developer.mozilla.orgThe visible link text contains the domain `mediadevices.getdisplaymedia`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "mediadevices.getdisplaymedia" but points at developer.mozilla.org
The visible link text contains the domain `mediadevices.getdisplaymedia`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
134| [`useDevicePixelRatio`](references/useDevicePixelRatio.md) | Reactively track [`window.devicePixelRatio`](https://developer.mozilla.org/docs/Web/API/Window/devicePixelRatio) | AUTO |
135| [`useDevicesList`](references/useDevicesList.md) | Reactive [enumerateDevices](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices) listing available input/output devices | AUTO |
136| [`useDisplayMedia`](references/useDisplayMedia.md) | Reactive [`mediaDevices.getDisplayMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getDisplayMedia) streaming | AUTO |← text→mediadevices.getdisplaymedia · href→developer.mozilla.org
137| [`useElementByPoint`](references/useElementByPoint.md) | Reactive element by point | AUTO |
138| [`useElementHover`](references/useElementHover.md) | Reactive element's hover state | AUTO |
medLink text shows "navigator.language" but points at developer.mozilla.orgThe visible link text contains the domain `navigator.language`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "navigator.language" but points at developer.mozilla.org
The visible link text contains the domain `navigator.language`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
147| [`useMouse`](references/useMouse.md) | Reactive mouse position | AUTO |
148| [`useMousePressed`](references/useMousePressed.md) | Reactive mouse pressing state | AUTO |
149| [`useNavigatorLanguage`](references/useNavigatorLanguage.md) | Reactive [navigator.language](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language) | AUTO |← text→navigator.language · href→developer.mozilla.org
150| [`useNetwork`](references/useNetwork.md) | Reactive [Network status](https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API) | AUTO |
151| [`useOnline`](references/useOnline.md) | Reactive online state | AUTO |
medLink text shows "window.getselection" but points at developer.mozilla.orgThe visible link text contains the domain `window.getselection`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "window.getselection" but points at developer.mozilla.org
The visible link text contains the domain `window.getselection`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
160| [`useSpeechSynthesis`](references/useSpeechSynthesis.md) | Reactive [SpeechSynthesis](https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis) | AUTO |
161| [`useSwipe`](references/useSwipe.md) | Reactive swipe detection based on [`TouchEvents`](https://developer.mozilla.org/en-US/docs/Web/API/TouchEvent) | AUTO |
162| [`useTextSelection`](references/useTextSelection.md) | Reactively track user text selection based on [`Window.getSelection`](https://developer.mozilla.org/en-US/docs/Web/API/Window/getSelection) | AUTO |← text→window.getselection · href→developer.mozilla.org
163| [`useUserMedia`](references/useUserMedia.md) | Reactive [`mediaDevices.getUserMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia) streaming | AUTO |
164
medLink text shows "mediadevices.getusermedia" but points at developer.mozilla.orgThe visible link text contains the domain `mediadevices.getusermedia`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "mediadevices.getusermedia" but points at developer.mozilla.org
The visible link text contains the domain `mediadevices.getusermedia`, but the URL actually targets `developer.mozilla.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
161| [`useSwipe`](references/useSwipe.md) | Reactive swipe detection based on [`TouchEvents`](https://developer.mozilla.org/en-US/docs/Web/API/TouchEvent) | AUTO |
162| [`useTextSelection`](references/useTextSelection.md) | Reactively track user text selection based on [`Window.getSelection`](https://developer.mozilla.org/en-US/docs/Web/API/Window/getSelection) | AUTO |
163| [`useUserMedia`](references/useUserMedia.md) | Reactive [`mediaDevices.getUserMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia) streaming | AUTO |← text→mediadevices.getusermedia · href→developer.mozilla.org
164
165### Network
medLink text shows "ipcrenderer.invoke" but points at www.electronjs.orgThe visible link text contains the domain `ipcrenderer.invoke`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "ipcrenderer.invoke" but points at www.electronjs.org
The visible link text contains the domain `ipcrenderer.invoke`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
312|----------|-------------|------------|
313| [`useIpcRenderer`](references/useIpcRenderer.md) | Provides [ipcRenderer](https://www.electronjs.org/docs/api/ipc-renderer) and all of its APIs | EXTERNAL |
314| [`useIpcRendererInvoke`](references/useIpcRendererInvoke.md) | Reactive [ipcRenderer.invoke API](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererinvokechannel-args) result | EXTERNAL |← text→ipcrenderer.invoke · href→www.electronjs.org
315| [`useIpcRendererOn`](references/useIpcRendererOn.md) | Use [ipcRenderer.on](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendereronchannel-listener) with ease and [ipcRenderer.removeListener](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererremovelistenerchannel-listener) automatically on unmounted | EXTERNAL |
316| [`useZoomFactor`](references/useZoomFactor.md) | Reactive [WebFrame](https://www.electronjs.org/docs/api/web-frame#webframe) zoom factor | EXTERNAL |
medLink text shows "ipcrenderer.on" but points at www.electronjs.orgThe visible link text contains the domain `ipcrenderer.on`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "ipcrenderer.on" but points at www.electronjs.org
The visible link text contains the domain `ipcrenderer.on`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
313| [`useIpcRenderer`](references/useIpcRenderer.md) | Provides [ipcRenderer](https://www.electronjs.org/docs/api/ipc-renderer) and all of its APIs | EXTERNAL |
314| [`useIpcRendererInvoke`](references/useIpcRendererInvoke.md) | Reactive [ipcRenderer.invoke API](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererinvokechannel-args) result | EXTERNAL |
315| [`useIpcRendererOn`](references/useIpcRendererOn.md) | Use [ipcRenderer.on](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendereronchannel-listener) with ease and [ipcRenderer.removeListener](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererremovelistenerchannel-listener) automatically on unmounted | EXTERNAL |← text→ipcrenderer.on · href→www.electronjs.org
316| [`useZoomFactor`](references/useZoomFactor.md) | Reactive [WebFrame](https://www.electronjs.org/docs/api/web-frame#webframe) zoom factor | EXTERNAL |
317| [`useZoomLevel`](references/useZoomLevel.md) | Reactive [WebFrame](https://www.electronjs.org/docs/api/web-frame#webframe) zoom level | EXTERNAL |
medLink text shows "ipcrenderer.removelistener" but points at www.electronjs.orgThe visible link text contains the domain `ipcrenderer.removelistener`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "ipcrenderer.removelistener" but points at www.electronjs.org
The visible link text contains the domain `ipcrenderer.removelistener`, but the URL actually targets `www.electronjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
313| [`useIpcRenderer`](references/useIpcRenderer.md) | Provides [ipcRenderer](https://www.electronjs.org/docs/api/ipc-renderer) and all of its APIs | EXTERNAL |
314| [`useIpcRendererInvoke`](references/useIpcRendererInvoke.md) | Reactive [ipcRenderer.invoke API](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererinvokechannel-args) result | EXTERNAL |
315| [`useIpcRendererOn`](references/useIpcRendererOn.md) | Use [ipcRenderer.on](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendereronchannel-listener) with ease and [ipcRenderer.removeListener](https://www.electronjs.org/docs/api/ipc-renderer#ipcrendererremovelistenerchannel-listener) automatically on unmounted | EXTERNAL |← text→ipcrenderer.removelistener · href→www.electronjs.org
316| [`useZoomFactor`](references/useZoomFactor.md) | Reactive [WebFrame](https://www.electronjs.org/docs/api/web-frame#webframe) zoom factor | EXTERNAL |
317| [`useZoomLevel`](references/useZoomLevel.md) | Reactive [WebFrame](https://www.electronjs.org/docs/api/web-frame#webframe) zoom level | EXTERNAL |
medLink text shows "fuse.js" but points at github.comThe visible link text contains the domain `fuse.js`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "fuse.js" but points at github.com
The visible link text contains the domain `fuse.js`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
342| [`useDrauu`](references/useDrauu.md) | Reactive instance for [drauu](https://github.com/antfu/drauu) | EXTERNAL |
343| [`useFocusTrap`](references/useFocusTrap.md) | Reactive wrapper for [`focus-trap`](https://github.com/focus-trap/focus-trap) | EXTERNAL |
344| [`useFuse`](references/useFuse.md) | Easily implement fuzzy search using a composable with [Fuse.js](https://github.com/krisk/fuse) | EXTERNAL |← text→fuse.js · href→github.com
345| [`useIDBKeyval`](references/useIDBKeyval.md) | Wrapper for [`idb-keyval`](https://www.npmjs.com/package/idb-keyval) | EXTERNAL |
346| [`useJwt`](references/useJwt.md) | Wrapper for [`jwt-decode`](https://github.com/auth0/jwt-decode) | EXTERNAL |
skillox.io/c/vueuse-functions