Skip to main content

lokalise-deploy-integration

Facilitates deployment of Lokalise translations to Vercel, Netlify, and Cloud Run, ensuring seamless integration and environment setup.

Install this skill

or
35/100

Security score

The lokalise-deploy-integration skill was audited on May 12, 2026 and we found 19 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 250

Direct command execution function call

SourceSKILL.md
250execSync("./scripts/download-translations.sh ./src/locales", {
medium line 44

Template literal with variable interpolation in command context

SourceSKILL.md
44```bash
medium line 98

Template literal with variable interpolation in command context

SourceSKILL.md
98```yaml
medium line 162

Template literal with variable interpolation in command context

SourceSKILL.md
162```bash
medium line 199

Template literal with variable interpolation in command context

SourceSKILL.md
199`https://api.lokalise.com/api2/projects/${process.env.LOKALISE_PROJECT_ID}/translations`,
medium line 344

Template literal with variable interpolation in command context

SourceSKILL.md
344```bash
medium line 381

Template literal with variable interpolation in command context

SourceSKILL.md
381```yaml
low line 247

Node child_process module reference

SourceSKILL.md
247const { execSync } = require("child_process");
low line 105

Webhook reference - potential data exfiltration

SourceSKILL.md
105# Trigger from Lokalise webhook (via repository_dispatch)
medium line 160

Webhook reference - potential data exfiltration

SourceSKILL.md
160To trigger builds when translations change, set up a Lokalise webhook that fires a GitHub `repository_dispatch`:
low line 163

Webhook reference - potential data exfiltration

SourceSKILL.md
163# In your webhook handler (see lokalise-webhooks-events)
medium line 374

Webhook reference - potential data exfiltration

SourceSKILL.md
374| Stale translations in production | Cache not invalidated | Use `repository_dispatch` webhook to trigger rebuild |
low line 199

Access to .env file

SourceSKILL.md
199`https://api.lokalise.com/api2/projects/${process.env.LOKALISE_PROJECT_ID}/translations`,
low line 201

Access to .env file

SourceSKILL.md
201headers: { "X-Api-Token": process.env.LOKALISE_API_TOKEN! },
low line 252

Access to .env file

SourceSKILL.md
252env: process.env,
low line 56

External URL reference

SourceSKILL.md
56"https://api.lokalise.com/api2/projects/${PROJECT_ID}/files/download" \
low line 165

External URL reference

SourceSKILL.md
165"https://api.github.com/repos/OWNER/REPO/dispatches" \
low line 199

External URL reference

SourceSKILL.md
199`https://api.lokalise.com/api2/projects/${process.env.LOKALISE_PROJECT_ID}/translations`,
low line 442

External URL reference

SourceSKILL.md
442- [Lokalise Files API — Download](https://developers.lokalise.com/reference/download-files)
Scanned on May 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedMay 20, 2026
claudeclaude-codecodexfrontenddesignreactgitapitestingdevopsmobilefrontend-developerbackend-developerproduct-managergrowth-pmdevops-srevercelnetlifygcpdevelopmentproduct
jeremylongshore/claude-code-plugins-plus-skills