tanstack-start

Enables developers to build full-stack React applications with type-safe routing and server functions using TanStack Start.

Install this skill

82/100

Security score

The tanstack-start skill was audited on Mar 7, 2026 and we found 6 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 35

Template literal with variable interpolation in command context

SourceSKILL.md

35	return fetch(`/api/users?key=${secret}`)

medium line 42

Template literal with variable interpolation in command context

SourceSKILL.md

42	return fetch(`/api/users?key=${secret}`)

low line 34

Access to .env file

SourceSKILL.md

34	const secret = process.env.SECRET // Exposed to client!

low line 41

Access to .env file

SourceSKILL.md

41	const secret = process.env.SECRET // Server-only

low line 83

Access to .env file

SourceSKILL.md

83	const getDbUrl = createServerOnlyFn(() => process.env.DATABASE_URL)

medium line 280

Access to .env file

SourceSKILL.md

280	1. Never access `process.env` in loaders directly — use `createServerFn` or `createServerOnlyFn`

Scanned on Mar 7, 2026

View Security Dashboard

Installation guide →

GitHub Stars 46

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw frontend backend frontend-developer fullstack-developer product-manager growth-pm ux-designer development product design

joelhooks/joelclaw