deepspace
Facilitates building real-time collaborative apps using the DeepSpace SDK on Cloudflare Workers with integrated SQLite support.
Install this skill
or
68/100
Security score
The deepspace skill was audited on May 30, 2026 and we found 6 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 139
Template literal with variable interpolation in command context
SourceSKILL.md
| 139 | | `src/constants.ts` | `APP_NAME`, `SCOPE_ID = "app:${APP_NAME}"`, role re-exports. | |
medium line 258
Webhook reference - potential data exfiltration
SourceSKILL.md
| 258 | - **Never assert on secret values in tests.** Test that auth *works* (a request returns 200, a webhook fires) — never `expect(env.STRIPE_SECRET_KEY).toBe('sk_live_…')` and never echo the value into a |
medium line 111
Access to hidden dotfiles in home directory
SourceSKILL.md
| 111 | **Login state is shared across all apps on the machine.** One `deepspace login` covers `dev`, `test-accounts`, and `deploy` for any app. Probe login state with `npx deepspace whoami` (`--json` for age |
medium line 213
Access to hidden dotfiles in home directory
SourceSKILL.md
| 213 | `dev` / `test` / `deploy` themselves require a valid session at `~/.deepspace/session`; if absent, they exit with `Not logged in`. Run \`deepspace login\` first.` Four hard rules: |
low line 69
External URL reference
SourceSKILL.md
| 69 | npx deepspace screenshot http://localhost:5173/ out.png |
low line 70
External URL reference
SourceSKILL.md
| 70 | npx deepspace screenshot http://localhost:5173/ out.png --full-page --wait-for-timeout 500 |
Scanned on May 30, 2026
View Security DashboardGitHub Stars 1
Rate this skill
Categorydevelopment
UpdatedMay 31, 2026
claudecursorfrontenddesignplaywrightstripereactremotiondocxgitapidatabasetestingdevopsbackendfrontend-developerbackend-developerproduct-managergrowth-pmdevops-sredevelopmentproduct
deepdotspace/deepspace-skill