Skip to main content

zenticalab-security

Provides security guidance for ZENTICALAB based on OWASP Top 10 2025, focusing on .NET and Angular best practices.

Install this skill

or
0/100

Security score

The zenticalab-security skill was audited on May 27, 2026 and we found 15 security issues across 3 threat categories, including 3 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 363

Eval function call - arbitrary code execution

SourceSKILL.md
363**Nunca usar `eval()` ni `new Function()` en Angular:**
high line 366

Eval function call - arbitrary code execution

SourceSKILL.md
366eval(`console.log('${userInput}')`);
critical line 389

Eval function call - arbitrary code execution

SourceSKILL.md
389- [ ] No usar `eval()`, `new Function()`, `innerHTML` con input de usuario
critical line 760

Eval function call - arbitrary code execution

SourceSKILL.md
760- [ ] No `eval()`, `new Function()`, ni `innerHTML` con input de usuario
medium line 366

Template literal with variable interpolation in command context

SourceSKILL.md
366eval(`console.log('${userInput}')`);
medium line 566

Template literal with variable interpolation in command context

SourceSKILL.md
566```yaml
medium line 721

Template literal with variable interpolation in command context

SourceSKILL.md
721return this.http.get<Item[]>(`${environment.apiUrl}/items`).pipe(
medium line 182

Access to .env file

SourceSKILL.md
182- [ ] Secrets **nunca** en `appsettings.json` — solo en `.env` o Azure Key Vault
medium line 287

Access to .env file

SourceSKILL.md
287- [ ] Connection strings no commitidas (`.env` en `.gitignore`)
low line 16

External URL reference

SourceSKILL.md
16> **Fuentes:** [OWASP Top 10 2025](https://owasp.org/Top10/2025/) | [Angular Security](https://angular.dev/best-practices/security) | [Microsoft OWASP Training](https://learn.microsoft.com/en-us/train
low line 132

External URL reference

SourceSKILL.md
132b.WithOrigins("https://zenticalab.com", "https://admin.zenticalab.com")
low line 769

External URL reference

SourceSKILL.md
769- [OWASP Top 10 2025](https://owasp.org/Top10/2025/)
low line 770

External URL reference

SourceSKILL.md
770- [OWASP Top 10 .NET Developers](https://learn.microsoft.com/en-us/training/modules/owasp-top-10-for-dotnet-developers/)
low line 771

External URL reference

SourceSKILL.md
771- [Angular Security](https://angular.dev/best-practices/security)
low line 772

External URL reference

SourceSKILL.md
772- [ASP.NET Core Security Best Practices](https://learn.microsoft.com/en-us/aspnet/core/security/best-practices)
Scanned on May 27, 2026
View Security Dashboard
Installation guide →
GitHub Stars 19
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawbackendsecurity-engineerbackend-developerdevops-sredevelopment
CamiloAndresGTRUniandes/lucy-ai