Skip to main content

arch-microservices

Enables design and implementation of microservices architectures using API gateways and service meshes for scalable applications.

Install this skill

or
14/100

Security score

The arch-microservices skill was audited on Mar 1, 2026 and we found 12 security issues across 2 threat categories, including 5 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 36

Curl to non-GitHub URL

SourceSKILL.md
36- Create a service: `curl -X POST http://localhost:8001/services --data "name=my-service&url=http://myapp.com"`
high line 37

Curl to non-GitHub URL

SourceSKILL.md
37- Add a route: `curl -X POST http://localhost:8001/services/my-service/routes --data "paths[]=/api" --data "methods[]=GET"`
high line 53

Curl to non-GitHub URL

SourceSKILL.md
53Auth requirements: Set environment variables like `$KONG_API_KEY` for authenticated API calls, e.g., `curl -H "apikey: $KONG_API_KEY" http://localhost:8001/services`.
high line 63

Curl to non-GitHub URL

SourceSKILL.md
63For API gateways, use Kong's plugins for error responses: Add a plugin with `curl -X POST http://localhost:8001/services/my-service/plugins --data "name=request-termination" --data "config.status_code
high line 66

Curl to non-GitHub URL

SourceSKILL.md
661. Decomposing and deploying a microservices app: For a blog platform, split into "posts" and "comments" services. Decompose by creating separate Docker images, then set up Kong: Command: `docker run
medium line 63

Webhook reference - potential data exfiltration

SourceSKILL.md
63For API gateways, use Kong's plugins for error responses: Add a plugin with `curl -X POST http://localhost:8001/services/my-service/plugins --data "name=request-termination" --data "config.status_code
low line 36

External URL reference

SourceSKILL.md
36- Create a service: `curl -X POST http://localhost:8001/services --data "name=my-service&url=http://myapp.com"`
low line 37

External URL reference

SourceSKILL.md
37- Add a route: `curl -X POST http://localhost:8001/services/my-service/routes --data "paths[]=/api" --data "methods[]=GET"`
low line 38

External URL reference

SourceSKILL.md
38- Config format: Use Kong's declarative config in YAML, e.g., `_format_version: "1.1" services: - name: my-service url: http://myapp.com`
low line 53

External URL reference

SourceSKILL.md
53Auth requirements: Set environment variables like `$KONG_API_KEY` for authenticated API calls, e.g., `curl -H "apikey: $KONG_API_KEY" http://localhost:8001/services`.
low line 63

External URL reference

SourceSKILL.md
63For API gateways, use Kong's plugins for error responses: Add a plugin with `curl -X POST http://localhost:8001/services/my-service/plugins --data "name=request-termination" --data "config.status_code
low line 66

External URL reference

SourceSKILL.md
661. Decomposing and deploying a microservices app: For a blog platform, split into "posts" and "comments" services. Decompose by creating separate Docker images, then set up Kong: Command: `docker run
Scanned on Mar 1, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawapibackenddevopsbackend-developerdevops-sreproduct-managertechnical-pmgrowth-pmdevelopmentproduct
alphaonedev/openclaw-graph