quicknode
Quicknode provides blockchain infrastructure for Solana, enabling low-latency RPC endpoints and real-time data streaming for developers.
Install this skill
Security score
The quicknode skill was audited on Jun 13, 2026 and we found 66 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 546 | const account = privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`); |
Fetch to external URL
| 428 | const response = await fetch("https://api.quicknode.com/ipfs/rest/v1/s3/put-object", { |
Fetch to external URL
| 514 | const res = await fetch("https://api.quicknode.com/v0/endpoints", { |
Fetch to external URL
| 520 | const usage = await fetch("https://api.quicknode.com/v0/usage/rpc", { |
Fetch to external URL
| 557 | const response = await x402Fetch("https://x402.quicknode.com/solana-mainnet", { |
Webhook reference - potential data exfiltration
| 3 | description: Quicknode blockchain infrastructure for Solana — RPC endpoints, DAS API (Digital Asset Standard) for NFTs and compressed assets, Yellowstone gRPC streaming, Priority Fee API, Streams (rea |
Webhook reference - potential data exfiltration
| 18 | - **Webhooks**: Event-driven blockchain notifications |
Webhook reference - potential data exfiltration
| 383 | 4. Configure destination (webhook, S3, PostgreSQL, Azure) |
Webhook reference - potential data exfiltration
| 399 | ### Streams vs Webhooks |
Webhook reference - potential data exfiltration
| 401 | | Feature | Streams | Webhooks | |
Webhook reference - potential data exfiltration
| 405 | | **Destinations** | Webhook, S3, Postgres, Azure, Snowflake | HTTP endpoint only | |
Webhook reference - potential data exfiltration
| 409 | ## Webhooks |
Webhook reference - potential data exfiltration
| 413 | ### Webhook Setup |
Webhook reference - potential data exfiltration
| 415 | Create webhooks via the Quicknode dashboard or Admin API to receive notifications when specific on-chain events occur. |
Webhook reference - potential data exfiltration
| 417 | See [resources/webhooks-reference.md](resources/webhooks-reference.md) for API examples and configuration. |
Webhook reference - potential data exfiltration
| 597 | - Require explicit confirmation before creating Streams, Webhooks, or IPFS uploads |
Webhook reference - potential data exfiltration
| 675 | │ ├── webhooks-reference.md # Webhook configuration |
Webhook reference - potential data exfiltration
| 681 | │ └── streams-webhooks/ # Streams and webhook setup |
Access to .env file
| 38 | # .env file |
Access to .env file
| 49 | const rpc = createSolanaRpc(process.env.QUICKNODE_RPC_URL!); |
Access to .env file
| 50 | const rpcSubscriptions = createSolanaRpcSubscriptions(process.env.QUICKNODE_WSS_URL!); |
Access to .env file
| 86 | const rpc = createSolanaRpc(process.env.QUICKNODE_RPC_URL!); |
Access to .env file
| 87 | const rpcSubscriptions = createSolanaRpcSubscriptions(process.env.QUICKNODE_WSS_URL!); |
Access to .env file
| 113 | const connection = new Connection(process.env.QUICKNODE_RPC_URL!); |
Access to .env file
| 134 | const response = await fetch(process.env.QUICKNODE_RPC_URL!, { |
Access to .env file
| 158 | const response = await fetch(process.env.QUICKNODE_RPC_URL!, { |
Access to .env file
| 177 | const response = await fetch(process.env.QUICKNODE_RPC_URL!, { |
Access to .env file
| 283 | const response = await fetch(process.env.QUICKNODE_RPC_URL!, { |
Access to .env file
| 313 | const feeResponse = await fetch(process.env.QUICKNODE_RPC_URL!, { |
Access to .env file
| 345 | basePath: process.env.QUICKNODE_METIS_URL!, |
Access to .env file
| 430 | headers: { "x-api-key": process.env.QUICKNODE_API_KEY! }, |
Access to .env file
| 486 | endpointUrl: process.env.QUICKNODE_RPC_URL!, |
Access to .env file
| 511 | const QN_API_KEY = process.env.QUICKNODE_API_KEY!; |
Access to .env file
| 546 | const account = privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`); |
Access to .env file
| 586 | solana: new Core({ endpointUrl: process.env.QUICKNODE_SOL_RPC! }), |
Access to .env file
| 587 | ethereum: new Core({ endpointUrl: process.env.QUICKNODE_ETH_RPC! }), |
Access to .env file
| 588 | polygon: new Core({ endpointUrl: process.env.QUICKNODE_POLYGON_RPC! }), |
Access to .env file
| 603 | const response = await fetch(process.env.QUICKNODE_RPC_URL!, { |
External URL reference
| 30 | 1. Visit [quicknode.com/endpoints](https://www.quicknode.com/endpoints) |
External URL reference
| 39 | QUICKNODE_RPC_URL=https://your-endpoint.solana-mainnet.quiknode.pro/your-token/ |
External URL reference
| 61 | https://{ENDPOINT_NAME}.solana-mainnet.quiknode.pro/{TOKEN}/ |
External URL reference
| 72 | | Mainnet | `https://{name}.solana-mainnet.quiknode.pro/{token}/` | |
External URL reference
| 73 | | Devnet | `https://{name}.solana-devnet.quiknode.pro/{token}/` | |
External URL reference
| 216 | // HTTP: https://example.solana-mainnet.quiknode.pro/TOKEN/ |
External URL reference
| 217 | // gRPC: https://example.solana-mainnet.quiknode.pro:10000 |
External URL reference
| 219 | "https://example.solana-mainnet.quiknode.pro:10000", |
External URL reference
| 428 | const response = await fetch("https://api.quicknode.com/ipfs/rest/v1/s3/put-object", { |
External URL reference
| 435 | // Access via: https://quicknode.quicknode-ipfs.com/ipfs/{pin.cid} |
External URL reference
| 508 | All Admin API requests use the `x-api-key` header against `https://api.quicknode.com/v0/`. |
External URL reference
| 514 | const res = await fetch("https://api.quicknode.com/v0/endpoints", { |
External URL reference
| 520 | const usage = await fetch("https://api.quicknode.com/v0/usage/rpc", { |
External URL reference
| 557 | const response = await x402Fetch("https://x402.quicknode.com/solana-mainnet", { |
External URL reference
| 578 | Full list: [quicknode.com/chains](https://www.quicknode.com/chains) |
External URL reference
| 650 | - [Quicknode Documentation](https://www.quicknode.com/docs/) |
External URL reference
| 651 | - [Solana-Specific Docs](https://www.quicknode.com/docs/solana) |
External URL reference
| 652 | - [DAS API Reference](https://www.quicknode.com/docs/solana/solana-das-api) |
External URL reference
| 653 | - [Yellowstone gRPC](https://www.quicknode.com/docs/solana/yellowstone-grpc/overview) |
External URL reference
| 654 | - [Streams Docs](https://www.quicknode.com/docs/streams) |
External URL reference
| 655 | - [Quicknode SDK](https://www.quicknode.com/docs/quicknode-sdk) |
External URL reference
| 656 | - [Admin API](https://www.quicknode.com/docs/console-api) |
External URL reference
| 657 | - [Key-Value Store](https://www.quicknode.com/docs/key-value-store) |
External URL reference
| 658 | - [x402](https://x402.quicknode.com) |
External URL reference
| 659 | - [LLM-Optimized Docs (llms.txt)](https://www.quicknode.com/llms.txt) |
External URL reference
| 660 | - [Guides](https://www.quicknode.com/guides) |
External URL reference
| 661 | - [Marketplace](https://marketplace.quicknode.com/) |
External URL reference
| 662 | - [Sample Apps](https://www.quicknode.com/sample-app-library) |