chat-sdk
Enables developers to create multi-platform chat bots using Chat SDK, supporting various integrations and interactive features.
Install this skill
or
72/100
Security score
The chat-sdk skill was audited on Jun 6, 2026 and we found 8 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 63
Template literal with variable interpolation in command context
SourceSKILL.md
| 63 | await thread.post(`You said: ${message.text}`); |
medium line 7
Webhook reference - potential data exfiltration
SourceSKILL.md
| 7 | (3) Set up webhook handlers for chat platforms, |
medium line 156
Webhook reference - potential data exfiltration
SourceSKILL.md
| 156 | The adapter must implement `handleWebhook`, `parseMessage`, `postMessage`, `editMessage`, `deleteMessage`, thread ID encoding/decoding, and a `FormatConverter` (extend `BaseFormatConverter` from `chat |
medium line 158
Webhook reference - potential data exfiltration
SourceSKILL.md
| 158 | ## Webhook setup |
medium line 160
Webhook reference - potential data exfiltration
SourceSKILL.md
| 160 | Each adapter exposes a webhook handler via `bot.webhooks.{platform}`. Wire these to your HTTP framework's routes (e.g. Next.js API routes, Hono, Express). |
low line 50
Access to .env file
SourceSKILL.md
| 50 | botToken: process.env.SLACK_BOT_TOKEN!, |
low line 51
Access to .env file
SourceSKILL.md
| 51 | signingSecret: process.env.SLACK_SIGNING_SECRET!, |
low line 54
Access to .env file
SourceSKILL.md
| 54 | state: createRedisState({ url: process.env.REDIS_URL! }), |
Scanned on Jun 6, 2026
View Security Dashboard