api-pro

Expertly integrates third-party APIs with advanced authentication and orchestration, optimizing for Edge performance and autonomous agents.

Install this skill

or

8/100

Security score

The api-pro skill was audited on Jun 1, 2026 and we found 22 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 137

Template literal with variable interpolation in command context

SourceSKILL.md

137	console.log(`[Research Progress]: ${update.message}`);

medium line 167

Template literal with variable interpolation in command context

SourceSKILL.md

167	console.log(`Processing sub: ${sub.id}`);

medium line 172

Template literal with variable interpolation in command context

SourceSKILL.md

172	console.log(`Cancelling sub: ${sub.id} for customer ${sub.customer}`);

medium line 191

Template literal with variable interpolation in command context

SourceSKILL.md

191	console.log(`Customer Email: ${paymentIntent.customer.email}`);

medium line 286

Template literal with variable interpolation in command context

SourceSKILL.md

286	throw new Error(`API_ERROR_${response.status}`);

high line 441

Template literal with variable interpolation in command context

SourceSKILL.md

441	- Fix: Ensure `AUTH_URL` matches the request origin exactly. In Vercel, use `AUTH_URL=${VERCEL_URL}`.

medium line 484

Template literal with variable interpolation in command context

SourceSKILL.md

484	const response = await fetch(`${this.baseURL}${endpoint}`, {

medium line 487

Template literal with variable interpolation in command context

SourceSKILL.md

487	'Authorization': `Bearer ${this.apiKey}`,

medium line 495

Template literal with variable interpolation in command context

SourceSKILL.md

495	console.log(`[API] ${options.method \|\| 'GET'} ${endpoint} - ${response.status} (${duration}ms)`);

medium line 499

Template literal with variable interpolation in command context

SourceSKILL.md

499	throw new Error(`API Request Failed: ${response.status} - ${JSON.stringify(errorData)}`);

medium line 515

Template literal with variable interpolation in command context

SourceSKILL.md

515	return this.request(`/users/${id}`, UserSchema);

medium line 311

Webhook reference - potential data exfiltration

SourceSKILL.md

311	### 4.2 Webhook Signature Verification (Edge Ready)

low line 317

Webhook reference - potential data exfiltration

SourceSKILL.md

317	* Verifies a webhook signature using Web Crypto API.

medium line 417

Webhook reference - potential data exfiltration

SourceSKILL.md

417	3. DO NOT perform heavy processing in Webhook handlers. Acknowledge the receipt (200 OK) and queue the work (e.g., using Inngest or BullMQ).

medium line 525

Webhook reference - potential data exfiltration

SourceSKILL.md

525	\| Security \| Webhook signatures verified using `crypto.subtle`? \| [ ] \|

low line 28

Access to .env file

SourceSKILL.md

28	# .env.local

low line 154

Access to .env file

SourceSKILL.md

154	const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {

low line 382

Access to .env file

SourceSKILL.md

382	process.env.SECRET

low line 475

Access to .env file

SourceSKILL.md

475	this.baseURL = process.env.API_BASE_URL!;

low line 476

Access to .env file

SourceSKILL.md

476	this.apiKey = process.env.API_SECRET_KEY!;

medium line 529

Access to .env file

SourceSKILL.md

529	\| AI Readiness \| Repomix config updated to exclude `.env` and `dist`? \| [ ] \|

low line 30

External URL reference

SourceSKILL.md

30	AUTH_URL=https://myapp.com/api/auth # Base URL for the auth system

Scanned on Jun 1, 2026

View Security Dashboard

Installation guide →

Rate this skill

Categorydevelopment

UpdatedJune 10, 2026

openclaw api backend backend-developer ml-ai-engineer product-manager growth-pm technical-pm stripe vercel replicate development product

David-Li0406/meta-skill-evloving