perseus-client

Perseus Client analyzes client-side security vulnerabilities in modern JavaScript frameworks, ensuring safe web applications.

Install this skill

36/100

Security score

The perseus-client skill was audited on Mar 1, 2026 and we found 10 security issues across 3 threat categories, including 3 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 292

Eval function call - arbitrary code execution

SourceSKILL.md

292	eval(data)

high line 376

Eval function call - arbitrary code execution

SourceSKILL.md

376	eval(e.data.code); // RCE via any origin

medium line 105

Template literal with variable interpolation in command context

SourceSKILL.md

105	const user = await db.query(`SELECT * FROM users WHERE id = ${params.id}`);

medium line 132

Template literal with variable interpolation in command context

SourceSKILL.md

132	return db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`);

medium line 205

Template literal with variable interpolation in command context

SourceSKILL.md

205	return db.query(`SELECT * FROM items WHERE id = ${id}`);

high line 504

Template literal with variable interpolation in command context

SourceSKILL.md

504	return db.query(`SELECT * FROM products WHERE name LIKE '%${query}%'`);

low line 111

Access to .env file

SourceSKILL.md

111	<ClientComponent apiKey={process.env.SECRET_KEY} />

low line 212

Access to .env file

SourceSKILL.md

212	secretKey: process.env.SECRET // Exposed to client!

low line 431

Access to .env file

SourceSKILL.md

431	// Check .env files exposed

low line 388

External URL reference

SourceSKILL.md

388	if (e.origin !== 'https://trusted.com') return;

Scanned on Mar 1, 2026

View Security Dashboard

Install this skill with one command

/learn @kaivyy/client

GitHub Stars 31

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw frontend backend security-engineer frontend-developer backend-developer development

kaivyy/perseus