perseus-client
Perseus Client analyzes client-side security vulnerabilities in modern JavaScript frameworks, ensuring safe web applications.
Install this skill
or
36/100
Security score
The perseus-client skill was audited on Mar 1, 2026 and we found 10 security issues across 3 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 292
Eval function call - arbitrary code execution
SourceSKILL.md
| 292 | eval(data) |
high line 376
Eval function call - arbitrary code execution
SourceSKILL.md
| 376 | eval(e.data.code); // RCE via any origin |
medium line 105
Template literal with variable interpolation in command context
SourceSKILL.md
| 105 | const user = await db.query(`SELECT * FROM users WHERE id = ${params.id}`); |
medium line 132
Template literal with variable interpolation in command context
SourceSKILL.md
| 132 | return db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`); |
medium line 205
Template literal with variable interpolation in command context
SourceSKILL.md
| 205 | return db.query(`SELECT * FROM items WHERE id = ${id}`); |
high line 504
Template literal with variable interpolation in command context
SourceSKILL.md
| 504 | return db.query(`SELECT * FROM products WHERE name LIKE '%${query}%'`); |
low line 111
Access to .env file
SourceSKILL.md
| 111 | <ClientComponent apiKey={process.env.SECRET_KEY} /> |
low line 212
Access to .env file
SourceSKILL.md
| 212 | secretKey: process.env.SECRET // Exposed to client! |
low line 431
Access to .env file
SourceSKILL.md
| 431 | // Check .env files exposed |
low line 388
External URL reference
SourceSKILL.md
| 388 | if (e.origin !== 'https://trusted.com') return; |
Scanned on Mar 1, 2026
View Security Dashboard