lokalise-observability
Enables comprehensive observability for Lokalise integrations with metrics, traces, and alerts for effective monitoring.
Install this skill
Security score
The lokalise-observability skill was audited on May 24, 2026 and we found 49 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 158 | ```bash |
Template literal with variable interpolation in command context
| 232 | ```bash |
Curl to non-GitHub URL
| 161 | HEADERS=$(curl -sI "https://api.lokalise.com/api2/projects?limit=1" \ |
Curl to non-GitHub URL
| 235 | curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \ |
Webhook reference - potential data exfiltration
| 31 | Monitor Lokalise translation pipeline health: API response times, rate limit consumption, translation completion rates, webhook delivery reliability, file upload/download status, and per-word cost tra |
Webhook reference - potential data exfiltration
| 38 | - Optional: webhook endpoint for real-time event monitoring |
Webhook reference - potential data exfiltration
| 175 | ### Step 4: Monitor Webhook Delivery |
Webhook reference - potential data exfiltration
| 177 | Track webhook processing success and latency in your webhook handler. |
Webhook reference - potential data exfiltration
| 182 | const webhookMetrics = { |
Webhook reference - potential data exfiltration
| 189 | app.post("/webhooks/lokalise", async (req: express.Request, res: express.Response) => { |
Webhook reference - potential data exfiltration
| 190 | webhookMetrics.received++; |
Webhook reference - potential data exfiltration
| 197 | await processWebhookEvent(req.body); |
Webhook reference - potential data exfiltration
| 198 | webhookMetrics.processed++; |
Webhook reference - potential data exfiltration
| 200 | webhookMetrics.failed++; |
Webhook reference - potential data exfiltration
| 201 | console.error("Webhook processing failed:", error); |
Webhook reference - potential data exfiltration
| 205 | webhookMetrics.totalLatencyMs += latencyMs; |
Webhook reference - potential data exfiltration
| 207 | emitCounter("lokalise_webhook_received_total", 1, { |
Webhook reference - potential data exfiltration
| 209 | status: webhookMetrics.failed > 0 ? "error" : "ok", |
Webhook reference - potential data exfiltration
| 211 | emitHistogram("lokalise_webhook_processing_ms", latencyMs, { |
Webhook reference - potential data exfiltration
| 217 | // Health endpoint exposing webhook metrics |
Webhook reference - potential data exfiltration
| 218 | app.get("/metrics/webhooks", (_req, res) => { |
Webhook reference - potential data exfiltration
| 220 | received: webhookMetrics.received, |
Webhook reference - potential data exfiltration
| 221 | processed: webhookMetrics.processed, |
Webhook reference - potential data exfiltration
| 222 | failed: webhookMetrics.failed, |
Webhook reference - potential data exfiltration
| 223 | avgLatencyMs: webhookMetrics.received > 0 |
Webhook reference - potential data exfiltration
| 224 | ? Math.round(webhookMetrics.totalLatencyMs / webhookMetrics.received) |
Webhook reference - potential data exfiltration
| 230 | ### Step 5: Register Webhooks for Key Events |
Webhook reference - potential data exfiltration
| 235 | curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \ |
Webhook reference - potential data exfiltration
| 250 | }' | jq '{webhook_id: .webhook.webhook_id, events: .webhook.events}' |
Webhook reference - potential data exfiltration
| 279 | - alert: WebhookDeliveryFailing |
Webhook reference - potential data exfiltration
| 280 | expr: rate(lokalise_webhook_received_total{status="error"}[1h]) > 3 |
Webhook reference - potential data exfiltration
| 282 | summary: "Lokalise webhook deliveries failing ({{ $value }} errors/hour)" |
Webhook reference - potential data exfiltration
| 302 | | Webhook Success Rate | `rate(lokalise_webhook_received_total{status="ok"}[5m])` | Time series | |
Webhook reference - potential data exfiltration
| 310 | - Webhook delivery tracking with latency and error counters |
Webhook reference - potential data exfiltration
| 311 | - Prometheus alerting rules for rate limiting, API errors, stalled progress, and webhook failures |
Webhook reference - potential data exfiltration
| 319 | | Webhook not firing | Wrong event type registered | Verify event names match API reference | |
Webhook reference - potential data exfiltration
| 326 | - [Lokalise Webhooks API](https://developers.lokalise.com/reference/create-a-webhook) |
Webhook reference - potential data exfiltration
| 327 | - [Lokalise Webhook Events](https://developers.lokalise.com/docs/webhook-events) |
Webhook reference - potential data exfiltration
| 335 | For setting up real-time automation based on webhook events, see `lokalise-webhooks-events`. For incident response procedures when alerts fire, see `lokalise-incident-runbook`. |
Access to .env file
| 59 | const lok = new LokaliseApi({ apiKey: process.env.LOKALISE_API_TOKEN! }); |
External URL reference
| 161 | HEADERS=$(curl -sI "https://api.lokalise.com/api2/projects?limit=1" \ |
External URL reference
| 235 | curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \ |
External URL reference
| 239 | "url": "https://hooks.company.com/lokalise", |
External URL reference
| 271 | runbook: "Check https://status.lokalise.com. Enable fallback translations." |
External URL reference
| 326 | - [Lokalise Webhooks API](https://developers.lokalise.com/reference/create-a-webhook) |
External URL reference
| 327 | - [Lokalise Webhook Events](https://developers.lokalise.com/docs/webhook-events) |
External URL reference
| 328 | - [Lokalise API Rate Limits](https://developers.lokalise.com/reference/api-rate-limits) |
External URL reference
| 329 | - [Lokalise Project Statistics](https://developers.lokalise.com/reference/retrieve-a-project) |
External URL reference
| 330 | - [Prometheus Alerting Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) |