backend-validation

Validates backend APIs and WebSocket endpoints using OIDC authentication, ensuring robust testing with Hurl and websocat.

Install this skill

54/100

Security score

The backend-validation skill was audited on May 31, 2026 and we found 4 security issues across 2 threat categories, including 3 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 29

Access to system keychain/keyring

SourceSKILL.md

29	- macOS: `security add-generic-password` / `security find-generic-password` (macOS Keychain)

high line 30

Access to system keychain/keyring

SourceSKILL.md

30	- Linux: `secret-tool` (libsecret / GNOME Keyring) — install with `apt install libsecret-tools` or equivalent

high line 99

Access to system keychain/keyring

SourceSKILL.md

99	- CI secret storage — keychain is developer-machine-only; CI needs a secret manager.

low line 63

External URL reference

SourceSKILL.md

63	- Redirect URI — the OIDC provider must whitelist `http://localhost:9876/callback` (oauth2c's default) in Strict mode.

Scanned on May 31, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1

Rate this skill

Categorydevelopment

UpdatedJune 4, 2026

openclaw backend testing backend-developer qa-engineer devops-sre development

aibot88/sec_skill_store