chat-widget
Creates a real-time support chat system with a user widget and admin dashboard for effective customer support.
Install this skill
Security score
The chat-widget skill was audited on May 14, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 592 | const ws = new WebSocket(`${websocketUrl}?chat_id=${chat.id}`) |
Template literal with variable interpolation in command context
| 644 | <span className={`w-2 h-2 rounded-full ${connected ? 'bg-green-500' : 'bg-gray-400'}`} /> |
Template literal with variable interpolation in command context
| 648 | <div key={m.id} className={`p-2 rounded ${m.sender_type === 'user' ? 'bg-blue-100 ml-auto' : 'bg-gray-100'}`}> |
Template literal with variable interpolation in command context
| 711 | await pusher.trigger(`support-chat-${chatId}`, 'new-message', messageData) |
Template literal with variable interpolation in command context
| 714 | const channel = pusher.subscribe(`support-chat-${chatId}`) |
Template literal with variable interpolation in command context
| 790 | ws = new WebSocket(`/ws/chat?id=${chat.value?.id}`) |
Fetch to external URL
| 270 | fetch('/support_chat') |
Fetch to external URL
| 296 | fetch('/support_chat/mark_read', { method: 'PATCH' }) |
Fetch to external URL
| 584 | fetch('/api/support_chat').then(r => r.json()).then(data => { |
Fetch to external URL
| 786 | const res = await fetch('/api/support-chat') |
Fetch to external URL
| 893 | fetch('/api/support-chat/messages?since=' + lastMessageTime) |