api-integration-builder

Facilitates the creation of robust third-party API integrations, ensuring secure and efficient data handling and synchronization.

Security score: 0/100

The api-integration-builder skill was audited on Feb 9, 2026 and we found 74 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 56

Template literal with variable interpolation in command context

Source: SKILL.md
56: return fetch(`https://api.service.com${endpoint}`, {
medium line 59

Template literal with variable interpolation in command context

Source: SKILL.md
59: Authorization: `Bearer ${this.apiKey}`,
medium line 181

Template literal with variable interpolation in command context

Source: SKILL.md
181: return fetch(`https://api.service.com${endpoint}`, options)
medium line 201

Template literal with variable interpolation in command context

Source: SKILL.md
201: console.log(`Rate limited, waiting ${waitTime}ms`)
medium line 224

Template literal with variable interpolation in command context

Source: SKILL.md
224: super(`API Error: ${statusCode}`)
medium line 289

Template literal with variable interpolation in command context

Source: SKILL.md
289: console.log(`Attempt ${attempt + 1} failed, retrying in ${delay}ms`)
medium line 343

Template literal with variable interpolation in command context

Source: SKILL.md
343: console.log(`Webhook ${event_id} already processed`)
medium line 524

Template literal with variable interpolation in command context

Source: SKILL.md
524: Authorization: `Bearer ${accessToken}`,
medium line 540

Template literal with variable interpolation in command context

Source: SKILL.md
540: headers: { Authorization: `Bearer ${accessToken}` }
medium line 546

Template literal with variable interpolation in command context

Source: SKILL.md
546: throw new Error(`Slack API error: ${data.error}`)
medium line 605

Template literal with variable interpolation in command context

Source: SKILL.md
605: const message = [`To: ${to}`, `Subject: ${subject}`, '', body].join('\n')
medium line 698

Template literal with variable interpolation in command context

Source: SKILL.md
698: .update(`${timestamp}.${JSON.stringify(payload)}`)
medium line 704

Template literal with variable interpolation in command context

Source: SKILL.md
704: 'stripe-signature': `t=${timestamp},v1=${signature}`
medium line 806

Template literal with variable interpolation in command context

Source: SKILL.md
806: title: `High error rate for ${service} integration`,
medium line 807

Template literal with variable interpolation in command context

Source: SKILL.md
807: message: `${recentErrors} errors in last 5 minutes`
low line 96

Fetch to external URL

Source: SKILL.md
96: const tokenResponse = await fetch('https://slack.com/api/oauth.v2.access', {
low line 135

Fetch to external URL

Source: SKILL.md
135: const refreshResponse = await fetch('https://slack.com/api/oauth.v2.access', {
low line 521

Fetch to external URL

Source: SKILL.md
521: fetch('https://slack.com/api/chat.postMessage', {
low line 539

Fetch to external URL

Source: SKILL.md
539: const response = await fetch('https://slack.com/api/conversations.list', {
medium line 3

Webhook reference - potential data exfiltration

Source: SKILL.md
3: description: Build reliable third-party API integrations including OAuth, webhooks, rate limiting, error handling, and data sync. Use when integrating with external services (Slack, Stripe, Gmail, etc
low line 29

Webhook reference - potential data exfiltration

Source: SKILL.md
29: └── Webhooks (if supported)
medium line 36

Webhook reference - potential data exfiltration

Source: SKILL.md
36: 3. **Webhook Handler**: Receive real-time updates from third parties
medium line 301

Webhook reference - potential data exfiltration

Source: SKILL.md
301: ## Webhook Handling
medium line 303

Webhook reference - potential data exfiltration

Source: SKILL.md
303: ### Receiving Webhooks
low line 306

Webhook reference - potential data exfiltration

Source: SKILL.md
306: interface WebhookPayload {
low line 313

Webhook reference - potential data exfiltration

Source: SKILL.md
313: app.post('/webhooks/stripe', async (req, res) => {
low line 319

Webhook reference - potential data exfiltration

Source: SKILL.md
319: event = stripe.webhooks.constructEvent(req.body, signature, STRIPE_WEBHOOK_SECRET)
low line 321

Webhook reference - potential data exfiltration

Source: SKILL.md
321: console.error('⚠️ Webhook signature verification failed:', error.message)
low line 322

Webhook reference - potential data exfiltration

Source: SKILL.md
322: return res.status(400).send('Webhook signature verification failed')
low line 325

Webhook reference - potential data exfiltration

Source: SKILL.md
325: // 2. Respond immediately (don't make webhook wait)
low line 329

Webhook reference - potential data exfiltration

Source: SKILL.md
329: await queue.add('process-webhook', {
low line 336

Webhook reference - potential data exfiltration

Source: SKILL.md
336: // Process webhook in background job
low line 337

Webhook reference - potential data exfiltration

Source: SKILL.md
337: async function processWebhook(job: Job) {
low line 340

Webhook reference - potential data exfiltration

Source: SKILL.md
340: // Idempotency check (handle duplicate webhooks)
low line 341

Webhook reference - potential data exfiltration

Source: SKILL.md
341: const existing = await db.webhookEvents.findOne({ event_id })
low line 343

Webhook reference - potential data exfiltration

Source: SKILL.md
343: console.log(`Webhook ${event_id} already processed`)
low line 348

Webhook reference - potential data exfiltration

Source: SKILL.md
348: await db.webhookEvents.create({ event_id, status: 'processing' })
low line 364

Webhook reference - potential data exfiltration

Source: SKILL.md
364: await db.webhookEvents.update(event_id, { status: 'completed' })
low line 367

Webhook reference - potential data exfiltration

Source: SKILL.md
367: await db.webhookEvents.update(event_id, {
medium line 377

Webhook reference - potential data exfiltration

Source: SKILL.md
377: ### Webhook Security
low line 381

Webhook reference - potential data exfiltration

Source: SKILL.md
381: function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean {
low line 389

Webhook reference - potential data exfiltration

Source: SKILL.md
389: function validateWebhookTimestamp(timestamp: number, toleranceSeconds = 300) {
low line 407

Webhook reference - potential data exfiltration

Source: SKILL.md
407: // Real-time sync: Use webhooks for instant updates
low line 408

Webhook reference - potential data exfiltration

Source: SKILL.md
408: realTimeSync(webhookData: any): Promise<void>
low line 440

Webhook reference - potential data exfiltration

Source: SKILL.md
440: async realTimeSync(webhookData: any) {
low line 442

Webhook reference - potential data exfiltration

Source: SKILL.md
442: const { resourceId, resourceUri } = webhookData
medium line 690

Webhook reference - potential data exfiltration

Source: SKILL.md
690: ### Webhook Testing
low line 693

Webhook reference - potential data exfiltration

Source: SKILL.md
693: // Generate valid webhook signatures for testing
low line 694

Webhook reference - potential data exfiltration

Source: SKILL.md
694: function generateTestWebhook(payload: any, secret: string) {
low line 709

Webhook reference - potential data exfiltration

Source: SKILL.md
709: describe('Webhook Handler', () => {
low line 710

Webhook reference - potential data exfiltration

Source: SKILL.md
710: it('processes valid webhook', async () => {
low line 711

Webhook reference - potential data exfiltration

Source: SKILL.md
711: const webhook = generateTestWebhook(
low line 718

Webhook reference - potential data exfiltration

Source: SKILL.md
718: STRIPE_WEBHOOK_SECRET
low line 722

Webhook reference - potential data exfiltration

Source: SKILL.md
722: .post('/webhooks/stripe')
low line 723

Webhook reference - potential data exfiltration

Source: SKILL.md
723: .set(webhook.headers)
low line 724

Webhook reference - potential data exfiltration

Source: SKILL.md
724: .send(webhook.payload)
low line 732

Webhook reference - potential data exfiltration

Source: SKILL.md
732: .post('/webhooks/stripe')
medium line 862

Webhook reference - potential data exfiltration

Source: SKILL.md
862: - [ ] Set up webhook endpoint (if available)
medium line 863

Webhook reference - potential data exfiltration

Source: SKILL.md
863: - [ ] Add webhook signature verification
medium line 864

Webhook reference - potential data exfiltration

Source: SKILL.md
864: - [ ] Implement idempotency for webhooks
medium line 872

Webhook reference - potential data exfiltration

Source: SKILL.md
872: ❌ **Synchronous webhook processing**: Process webhooks in background jobs
medium line 873

Webhook reference - potential data exfiltration

Source: SKILL.md
873: ❌ **No idempotency**: Webhooks may be delivered multiple times
medium line 877

Webhook reference - potential data exfiltration

Source: SKILL.md
877: ❌ **Missing signature verification**: Attackers can forge webhooks
medium line 886

Webhook reference - potential data exfiltration

Source: SKILL.md
886: - ✅ Verify webhook signatures
medium line 887

Webhook reference - potential data exfiltration

Source: SKILL.md
887: - ✅ Process webhooks idempotently
low line 56

External URL reference

Source: SKILL.md
56: return fetch(`https://api.service.com${endpoint}`, {
low line 77

External URL reference

Source: SKILL.md
77: const authUrl = new URL('https://slack.com/oauth/v2/authorize')
low line 79

External URL reference

Source: SKILL.md
79: authUrl.searchParams.set('redirect_uri', 'https://yourapp.com/auth/slack/callback')
low line 96

External URL reference

Source: SKILL.md
96: const tokenResponse = await fetch('https://slack.com/api/oauth.v2.access', {
low line 103

External URL reference

Source: SKILL.md
103: redirect_uri: 'https://yourapp.com/auth/slack/callback'
low line 135

External URL reference

Source: SKILL.md
135: const refreshResponse = await fetch('https://slack.com/api/oauth.v2.access', {
low line 181

External URL reference

Source: SKILL.md
181: return fetch(`https://api.service.com${endpoint}`, options)
low line 521

External URL reference

Source: SKILL.md
521: fetch('https://slack.com/api/chat.postMessage', {
low line 539

External URL reference

Source: SKILL.md
539: const response = await fetch('https://slack.com/api/conversations.list', {
Scanned on Feb 9, 2026