Skip to main content

box-content-api

Facilitates Box API integrations for managing uploads, folders, and document workflows, enhancing application functionality.

Install this skill

or
60/100

Security score

The box-content-api skill was audited on May 26, 2026 and we found 8 security issues across 1 threat category. Review the findings below before installing.

Categories Tested

Security Issues

medium line 10

Webhook reference - potential data exfiltration

SourceSKILL.md
10Implement Box content workflows in application code. Reuse the repository's existing auth and HTTP or SDK stack whenever possible, identify the acting Box identity before coding, and make the smallest
medium line 19

Webhook reference - potential data exfiltration

SourceSKILL.md
19| Event-driven ingestion, new-file triggers, or webhook debugging | Webhook or events feed | `references/webhooks-and-events.md` | `references/auth-and-setup.md`, `references/troubleshooting.md` | Sig
medium line 28

Webhook reference - potential data exfiltration

SourceSKILL.md
281. Inspect the repository for existing Box auth, SDK or HTTP client, env vars, webhook handlers, Box ID persistence, and tests.
medium line 38

Webhook reference - potential data exfiltration

SourceSKILL.md
38- Webhooks and events: `references/webhooks-and-events.md`
medium line 50

Webhook reference - potential data exfiltration

SourceSKILL.md
50- Keep access tokens, client secrets, private keys, and webhook secrets in env vars or the project's secret manager.
medium line 59

Webhook reference - potential data exfiltration

SourceSKILL.md
59- Make webhook and event consumers idempotent. Box delivery and retry paths can produce duplicates.
medium line 69

Webhook reference - potential data exfiltration

SourceSKILL.md
69- For webhooks, test the minimal happy path, duplicate delivery, and signature failure handling.
medium line 100

Webhook reference - potential data exfiltration

SourceSKILL.md
100- `references/webhooks-and-events.md`: webhook setup, event-feed usage, idempotency, and verification
Scanned on May 26, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
codexapibackendbackend-developerdata-engineerproduct-managerdevelopmentproduct
Michaelunkai/study--AI_ML-AI_and_Machine_Learning-Artificial_Intelligence-openclaw