stash-cli
Configures and manages CipherStash EQL for PostgreSQL databases, facilitating project setup and encryption schema management.
Install this skill
or
73/100
Security score
The stash-cli skill was audited on May 26, 2026 and we found 7 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 631
Template literal with variable interpolation in command context
SourceSKILL.md
| 631 | console.log(`EQL already installed (version: ${version})`) |
medium line 258
Access to hidden dotfiles in home directory
SourceSKILL.md
| 258 | Opens a browser-based device code flow and saves a token to `~/.cipherstash/auth.json`. Database-touching commands check for this file before running. |
low line 88
Access to .env file
SourceSKILL.md
| 88 | databaseUrl: process.env.DATABASE_URL!, |
medium line 107
Access to .env file
SourceSKILL.md
| 107 | - `.env` files are loaded automatically via `dotenv` before config evaluation. |
medium line 130
Access to .env file
SourceSKILL.md
| 130 | 2. **Resolve database** — picks up `DATABASE_URL` from `.env`/`.env.local` or prompts for it. Verifies the connection. |
medium line 541
Access to .env file
SourceSKILL.md
| 541 | Experimental. Prints the environment variables (`CS_*`) you need to deploy a CipherStash-backed app. With `--write`, writes them into a `.env.production` file. |
low line 8
External URL reference
SourceSKILL.md
| 8 | Configure and use `stash` for project initialization, EQL database setup, encryption schema management, and Supabase integration. Previously published as `@cipherstash/stack-forge`; the `stash-forge` |
Scanned on May 26, 2026
View Security DashboardGitHub Stars 142
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawbackendapidatabasebackend-developerdata-engineerdevops-sreproduct-managertechnical-pmsupabasepostgresqldevelopmentproduct
cipherstash/stack