insforge
Facilitates frontend integration with InsForge SDK for database queries, authentication, and real-time messaging in web applications.
Install this skill
or
27/100
Security score
The insforge skill was audited on May 13, 2026 and we found 21 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 117
Webhook reference - potential data exfiltration
SourceSKILL.md
| 117 | | [payments/backend-configuration.md](payments/backend-configuration.md) | Configuring Stripe keys, syncing catalog, creating products/prices, webhooks, and portal RLS before app integration | |
medium line 27
Access to .env file
SourceSKILL.md
| 27 | Before using the SDK, create a `.env` file (or `.env.local` for Next.js) in your project root with your InsForge URL and anon key. |
medium line 41
Access to .env file
SourceSKILL.md
| 41 | 4. **Write both values** to the `.env` file using the correct framework prefix (see table below). |
medium line 47
Access to .env file
SourceSKILL.md
| 47 | | Framework | `.env` file | Variables | Access Pattern | |
medium line 49
Access to .env file
SourceSKILL.md
| 49 | | **Next.js** | `.env.local` | `NEXT_PUBLIC_INSFORGE_URL`, `NEXT_PUBLIC_INSFORGE_ANON_KEY` | `process.env.NEXT_PUBLIC_*` | |
medium line 50
Access to .env file
SourceSKILL.md
| 50 | | **Vite** (React, Vue, Svelte) | `.env` | `VITE_INSFORGE_URL`, `VITE_INSFORGE_ANON_KEY` | `import.meta.env.VITE_*` | |
medium line 51
Access to .env file
SourceSKILL.md
| 51 | | **Astro** | `.env` | `PUBLIC_INSFORGE_URL`, `PUBLIC_INSFORGE_ANON_KEY` | `import.meta.env.PUBLIC_*` | |
medium line 52
Access to .env file
SourceSKILL.md
| 52 | | **SvelteKit** | `.env` | `PUBLIC_INSFORGE_URL`, `PUBLIC_INSFORGE_ANON_KEY` | `import { env } from '$env/dynamic/public'` | |
medium line 53
Access to .env file
SourceSKILL.md
| 53 | | **Create React App** | `.env` | `REACT_APP_INSFORGE_URL`, `REACT_APP_INSFORGE_ANON_KEY` | `process.env.REACT_APP_*` | |
medium line 54
Access to .env file
SourceSKILL.md
| 54 | | **Node.js / Server** | `.env` | `INSFORGE_URL`, `INSFORGE_ANON_KEY` | `process.env.*` | |
medium line 56
Access to .env file
SourceSKILL.md
| 56 | Example `.env.local` for Next.js: |
medium line 62
Access to .env file
SourceSKILL.md
| 62 | > **Important:** Never commit `.env` files to version control. Add `.env`, `.env.local`, and `.env*.local` to your `.gitignore` (keep `.env.example` for documenting required variables). |
low line 69
Access to .env file
SourceSKILL.md
| 69 | // Next.js / CRA: use process.env |
low line 71
Access to .env file
SourceSKILL.md
| 71 | baseUrl: process.env.NEXT_PUBLIC_INSFORGE_URL, |
low line 72
Access to .env file
SourceSKILL.md
| 72 | anonKey: process.env.NEXT_PUBLIC_INSFORGE_ANON_KEY |
low line 75
Access to .env file
SourceSKILL.md
| 75 | // Vite / Astro: use import.meta.env |
low line 77
Access to .env file
SourceSKILL.md
| 77 | baseUrl: import.meta.env.VITE_INSFORGE_URL, |
low line 78
Access to .env file
SourceSKILL.md
| 78 | anonKey: import.meta.env.VITE_INSFORGE_ANON_KEY |
medium line 282
Access to .env file
SourceSKILL.md
| 282 | > ⚠ **After `branch create` or `branch switch`**, the SDK's `INSFORGE_URL` and `INSFORGE_ANON_KEY` change. **Restart your dev server** (or re-source `.env`) so the SDK starts talking to the branch bac |
low line 39
External URL reference
SourceSKILL.md
| 39 | 3. **Get the URL** from the `oss_host` field in `.insforge/project.json` (e.g., `https://myapp.us-east.insforge.app`). |
low line 58
External URL reference
SourceSKILL.md
| 58 | NEXT_PUBLIC_INSFORGE_URL=https://your-appkey.us-east.insforge.app |
Scanned on May 13, 2026
View Security DashboardGitHub Stars 9
Rate this skill
Categorydevelopment
UpdatedMay 13, 2026
frontendplaywrightstripereactdocxgitapidatabasetestingdevopsbackendfrontend-developerbackend-developerproduct-managerdevelopmentproduct
InsForge/insforge-skills