actions
Enables the creation and management of agent actions for app operations, providing structured input/output and type-safe HTTP endpoints.
Install this skill
or
75/100
Security score
The actions skill was audited on Jun 6, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 172
Fetch to external URL
SourceSKILL.md
| 172 | The frontend calls actions using React Query hooks from `@agent-native/core/client`. Components should not hand-write `fetch("/_agent-native/actions/...")`; add or reuse a client hook/helper instead. |
medium line 76
Webhook reference - potential data exfiltration
SourceSKILL.md
| 76 | tokens, webhook URLs, signing secrets, OAuth refresh tokens, private |
medium line 99
Webhook reference - potential data exfiltration
SourceSKILL.md
| 99 | 3. **Create a custom route only for route-only concerns** such as uploads, streaming, webhooks, OAuth callbacks, or a non-JSON protocol. |
medium line 242
Webhook reference - potential data exfiltration
SourceSKILL.md
| 242 | - **Webhooks** — external services POST to a specific URL |
medium line 79
Access to .env file
SourceSKILL.md
| 79 | API credential adapter. Use `process.env` only for explicitly deploy-level |
Scanned on Jun 6, 2026
View Security DashboardGitHub Stars 464
Rate this skill
Categorydevelopment
UpdatedJune 10, 2026
frontendreactdocxapidatabasetestingdevopsbackendbackend-developerfullstack-developerproduct-managertechnical-pmdevops-sredevelopmentproduct
BuilderIO/agent-native