traffical

Traffical enables feature flags, A/B testing, and adaptive optimization for gradual rollouts and experimentation to enhance conversions.

Install this skill

13/100

Security score

The traffical skill was audited on Feb 27, 2026 and we found 19 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 86

Access to hidden dotfiles in home directory

SourceSKILL.md

86	> Important: The `--api-key` flag requires a real Management Key or Full Access key. Never fabricate or guess API keys. If no key is available in environment variables (`TRAFFICAL_API_KEY`) or

medium line 100

Access to hidden dotfiles in home directory

SourceSKILL.md

100	\| `--api-key <key>` \| Management or Full Access key (falls back to `TRAFFICAL_API_KEY` env var or `~/.trafficalrc`) \|

medium line 161

Access to hidden dotfiles in home directory

SourceSKILL.md

161	1. You provide a Management Key (or Full Access key) via `--api-key` or `~/.trafficalrc`

medium line 167

Access to hidden dotfiles in home directory

SourceSKILL.md

167	- The Management Key stays in `~/.trafficalrc` (for CLI operations like push/pull/sync)

low line 113

Access to .env file

SourceSKILL.md

113	├── .env # TRAFFICAL_API_KEY=... (gitignored, auto-generated SDK key)

low line 114

Access to .env file

SourceSKILL.md

114	├── .gitignore # Ensures .env is never committed

medium line 121

Access to .env file

SourceSKILL.md

121	After init, add `TRAFFICAL_API_KEY` from `.traffical/.env` to your project's `.env` or hosting environment for runtime SDK use. The auto-generated key has `sdk:read` and `sdk:write` scopes — just

medium line 163

Access to .env file

SourceSKILL.md

163	3. The CLI auto-creates a project-scoped SDK key via the API and saves it to `.traffical/.env`

medium line 164

Access to .env file

SourceSKILL.md

164	4. The `.traffical/.gitignore` is created/updated to ensure `.env` is never committed

medium line 168

Access to .env file

SourceSKILL.md

168	- The SDK Key goes into `.traffical/.env` (for runtime use in your app)

low line 176

Access to .env file

SourceSKILL.md

176	.traffical/.env

medium line 180

Access to .env file

SourceSKILL.md

180	Copy this value to your project's `.env` or hosting environment variables for your SDK to use at runtime.

medium line 184

Access to .env file

SourceSKILL.md

184	After `traffical init`, the `.traffical/config.yaml` contains `project.id` and `project.orgId`. Use these values (along with an `env` like `"production"`) when initializing the SDK. The SDK key is in

low line 307

Access to .env file

SourceSKILL.md

307	apiKey: process.env.TRAFFICAL_API_KEY!, // from .traffical/.env

low line 334

Access to .env file

SourceSKILL.md

334	apiKey: process.env.TRAFFICAL_API_KEY!,

high line 56

Prompting for API key/token input

SourceSKILL.md

56	1. Initialize — Run `npx @traffical/cli init --api-key <management-key> --framework <name> --yes` to set up the project non-interactively (or check for an existing `.traffical/` directory). The us

high line 86

Prompting for API key/token input

SourceSKILL.md

86	> Important: The `--api-key` flag requires a real Management Key or Full Access key. Never fabricate or guess API keys. If no key is available in environment variables (`TRAFFICAL_API_KEY`) or

low line 86

External URL reference

SourceSKILL.md

86	> Important: The `--api-key` flag requires a real Management Key or Full Access key. Never fabricate or guess API keys. If no key is available in environment variables (`TRAFFICAL_API_KEY`) or

low line 507

External URL reference

SourceSKILL.md

507	- Dashboard: https://app.traffical.io

Scanned on Feb 27, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2

Rate this skill

Categorymarketing

UpdatedMay 21, 2026

openclaw api growth-marketer product-marketer marketing-analyst data-analyst product-manager marketing data analytics product

diegosouzapw/awesome-omni-skill