pitfalls-security

Provides security patterns for managing session keys, caching sensitive data, and structured logging to enhance application security.

Install this skill

91/100

Security score

The pitfalls-security skill was audited on Mar 3, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 101

Template literal with variable interpolation in command context

SourceSKILL.md

101	cache.set(`user:${userId}:privateKey`, key); // NEVER!

low line 65

Access to .env file

SourceSKILL.md

65	const apiUrl = import.meta.env.VITE_API_URL; // ✅ VITE_ prefix required

low line 66

Access to .env file

SourceSKILL.md

66	// ❌ process.env.API_URL won't work in frontend

low line 69

Access to .env file

SourceSKILL.md

69	const dbUrl = process.env.DATABASE_URL;

low line 138

Access to .env file

SourceSKILL.md

138	logger.info('Config', { apiKey: process.env.API_KEY }); // NEVER!

Scanned on Mar 3, 2026

View Security Dashboard

Installation guide →

GitHub Stars 278

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw backend security-engineer backend-developer devops-sre development

aiskillstore/marketplace