api-client-development
Facilitates the creation of type-safe API clients using OpenAPI specs, ensuring proper authentication and OAuth handling.
Install this skill
Security score
The api-client-development skill was audited on Feb 9, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 75 | baseUrl: `https://${config.hostname}/api/v1`, |
Template literal with variable interpolation in command context
| 109 | config.scopes = ['sfcc.custom-apis', `SALESFORCE_COMMERCE_API:${tenantId}`]; |
Template literal with variable interpolation in command context
| 138 | baseUrl: `https://${config.shortCode}.api.commercecloud.salesforce.com/my-api/v1`, |
Template literal with variable interpolation in command context
| 249 | baseUrl: `https://${config.shortCode}.api.commercecloud.salesforce.com/dx/custom-apis/v1`, |
Template literal with variable interpolation in command context
| 276 | : `${ORGANIZATION_ID_PREFIX}${tenantId}`; |
Template literal with variable interpolation in command context
| 286 | return `${SCAPI_TENANT_SCOPE_PREFIX}${toTenantId(tenantId)}`; |
Template literal with variable interpolation in command context
| 397 | this.error(`Failed to fetch sites: ${message}`); |
External URL reference
| 75 | baseUrl: `https://${config.hostname}/api/v1`, |
External URL reference
| 138 | baseUrl: `https://${config.shortCode}.api.commercecloud.salesforce.com/my-api/v1`, |
External URL reference
| 249 | baseUrl: `https://${config.shortCode}.api.commercecloud.salesforce.com/dx/custom-apis/v1`, |
External URL reference
| 355 | http.get('https://test.api.commercecloud.salesforce.com/dx/custom-apis/v1/organizations/*/endpoints', () => { |