Skip to main content

lokalise-observability

Enables comprehensive observability for Lokalise integrations with metrics, traces, and alerts for effective monitoring.

Install this skill

or
0/100

Security score

The lokalise-observability skill was audited on May 24, 2026 and we found 49 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 158

Template literal with variable interpolation in command context

SourceSKILL.md
158```bash
medium line 232

Template literal with variable interpolation in command context

SourceSKILL.md
232```bash
medium line 161

Curl to non-GitHub URL

SourceSKILL.md
161HEADERS=$(curl -sI "https://api.lokalise.com/api2/projects?limit=1" \
medium line 235

Curl to non-GitHub URL

SourceSKILL.md
235curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \
medium line 31

Webhook reference - potential data exfiltration

SourceSKILL.md
31Monitor Lokalise translation pipeline health: API response times, rate limit consumption, translation completion rates, webhook delivery reliability, file upload/download status, and per-word cost tra
medium line 38

Webhook reference - potential data exfiltration

SourceSKILL.md
38- Optional: webhook endpoint for real-time event monitoring
medium line 175

Webhook reference - potential data exfiltration

SourceSKILL.md
175### Step 4: Monitor Webhook Delivery
medium line 177

Webhook reference - potential data exfiltration

SourceSKILL.md
177Track webhook processing success and latency in your webhook handler.
low line 182

Webhook reference - potential data exfiltration

SourceSKILL.md
182const webhookMetrics = {
low line 189

Webhook reference - potential data exfiltration

SourceSKILL.md
189app.post("/webhooks/lokalise", async (req: express.Request, res: express.Response) => {
low line 190

Webhook reference - potential data exfiltration

SourceSKILL.md
190webhookMetrics.received++;
low line 197

Webhook reference - potential data exfiltration

SourceSKILL.md
197await processWebhookEvent(req.body);
low line 198

Webhook reference - potential data exfiltration

SourceSKILL.md
198webhookMetrics.processed++;
low line 200

Webhook reference - potential data exfiltration

SourceSKILL.md
200webhookMetrics.failed++;
low line 201

Webhook reference - potential data exfiltration

SourceSKILL.md
201console.error("Webhook processing failed:", error);
low line 205

Webhook reference - potential data exfiltration

SourceSKILL.md
205webhookMetrics.totalLatencyMs += latencyMs;
low line 207

Webhook reference - potential data exfiltration

SourceSKILL.md
207emitCounter("lokalise_webhook_received_total", 1, {
low line 209

Webhook reference - potential data exfiltration

SourceSKILL.md
209status: webhookMetrics.failed > 0 ? "error" : "ok",
low line 211

Webhook reference - potential data exfiltration

SourceSKILL.md
211emitHistogram("lokalise_webhook_processing_ms", latencyMs, {
low line 217

Webhook reference - potential data exfiltration

SourceSKILL.md
217// Health endpoint exposing webhook metrics
low line 218

Webhook reference - potential data exfiltration

SourceSKILL.md
218app.get("/metrics/webhooks", (_req, res) => {
low line 220

Webhook reference - potential data exfiltration

SourceSKILL.md
220received: webhookMetrics.received,
low line 221

Webhook reference - potential data exfiltration

SourceSKILL.md
221processed: webhookMetrics.processed,
low line 222

Webhook reference - potential data exfiltration

SourceSKILL.md
222failed: webhookMetrics.failed,
low line 223

Webhook reference - potential data exfiltration

SourceSKILL.md
223avgLatencyMs: webhookMetrics.received > 0
low line 224

Webhook reference - potential data exfiltration

SourceSKILL.md
224? Math.round(webhookMetrics.totalLatencyMs / webhookMetrics.received)
medium line 230

Webhook reference - potential data exfiltration

SourceSKILL.md
230### Step 5: Register Webhooks for Key Events
low line 235

Webhook reference - potential data exfiltration

SourceSKILL.md
235curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \
low line 250

Webhook reference - potential data exfiltration

SourceSKILL.md
250}' | jq '{webhook_id: .webhook.webhook_id, events: .webhook.events}'
low line 279

Webhook reference - potential data exfiltration

SourceSKILL.md
279- alert: WebhookDeliveryFailing
low line 280

Webhook reference - potential data exfiltration

SourceSKILL.md
280expr: rate(lokalise_webhook_received_total{status="error"}[1h]) > 3
low line 282

Webhook reference - potential data exfiltration

SourceSKILL.md
282summary: "Lokalise webhook deliveries failing ({{ $value }} errors/hour)"
medium line 302

Webhook reference - potential data exfiltration

SourceSKILL.md
302| Webhook Success Rate | `rate(lokalise_webhook_received_total{status="ok"}[5m])` | Time series |
medium line 310

Webhook reference - potential data exfiltration

SourceSKILL.md
310- Webhook delivery tracking with latency and error counters
medium line 311

Webhook reference - potential data exfiltration

SourceSKILL.md
311- Prometheus alerting rules for rate limiting, API errors, stalled progress, and webhook failures
medium line 319

Webhook reference - potential data exfiltration

SourceSKILL.md
319| Webhook not firing | Wrong event type registered | Verify event names match API reference |
medium line 326

Webhook reference - potential data exfiltration

SourceSKILL.md
326- [Lokalise Webhooks API](https://developers.lokalise.com/reference/create-a-webhook)
medium line 327

Webhook reference - potential data exfiltration

SourceSKILL.md
327- [Lokalise Webhook Events](https://developers.lokalise.com/docs/webhook-events)
medium line 335

Webhook reference - potential data exfiltration

SourceSKILL.md
335For setting up real-time automation based on webhook events, see `lokalise-webhooks-events`. For incident response procedures when alerts fire, see `lokalise-incident-runbook`.
low line 59

Access to .env file

SourceSKILL.md
59const lok = new LokaliseApi({ apiKey: process.env.LOKALISE_API_TOKEN! });
low line 161

External URL reference

SourceSKILL.md
161HEADERS=$(curl -sI "https://api.lokalise.com/api2/projects?limit=1" \
low line 235

External URL reference

SourceSKILL.md
235curl -s -X POST "https://api.lokalise.com/api2/projects/${LOKALISE_PROJECT_ID}/webhooks" \
low line 239

External URL reference

SourceSKILL.md
239"url": "https://hooks.company.com/lokalise",
low line 271

External URL reference

SourceSKILL.md
271runbook: "Check https://status.lokalise.com. Enable fallback translations."
low line 326

External URL reference

SourceSKILL.md
326- [Lokalise Webhooks API](https://developers.lokalise.com/reference/create-a-webhook)
low line 327

External URL reference

SourceSKILL.md
327- [Lokalise Webhook Events](https://developers.lokalise.com/docs/webhook-events)
low line 328

External URL reference

SourceSKILL.md
328- [Lokalise API Rate Limits](https://developers.lokalise.com/reference/api-rate-limits)
low line 329

External URL reference

SourceSKILL.md
329- [Lokalise Project Statistics](https://developers.lokalise.com/reference/retrieve-a-project)
low line 330

External URL reference

SourceSKILL.md
330- [Prometheus Alerting Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
Scanned on May 24, 2026
View Security Dashboard
Installation guide →