hootsuite-local-dev-loop

Sets up a local development environment for Hootsuite with hot reload, testing, and API integration capabilities.

Install this skill

72/100

Security score

The hootsuite-local-dev-loop skill was audited on May 27, 2026 and we found 12 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 72

Template literal with variable interpolation in command context

SourceSKILL.md

72	const response = await fetch(`${this.base}${path}`, {

medium line 74

Template literal with variable interpolation in command context

SourceSKILL.md

74	headers: { 'Authorization': `Bearer ${this.accessToken}`, 'Content-Type': 'application/json', ...options.headers },

medium line 76

Template literal with variable interpolation in command context

SourceSKILL.md

76	if (!response.ok) throw new Error(`Hootsuite API ${response.status}: ${await response.text()}`);

medium line 83

Template literal with variable interpolation in command context

SourceSKILL.md

83	headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': `Basic ${Buffer.from(`${process.env.HOOTSUITE_CLIENT_ID}:${process.env.HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`

low line 81

Fetch to external URL

SourceSKILL.md

81	const res = await fetch('https://platform.hootsuite.com/oauth2/token', {

low line 48

Access to .env file

SourceSKILL.md

48	├── .env.local

low line 65

Access to .env file

SourceSKILL.md

65	this.accessToken = process.env.HOOTSUITE_ACCESS_TOKEN!;

low line 66

Access to .env file

SourceSKILL.md

66	this.refreshToken = process.env.HOOTSUITE_REFRESH_TOKEN!;

low line 83

Access to .env file

SourceSKILL.md

83	headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': `Basic ${Buffer.from(`${process.env.HOOTSUITE_CLIENT_ID}:${process.env.HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`

low line 62

External URL reference

SourceSKILL.md