cloudflare-durable-objects
Builds stateful Durable Objects for real-time applications, enhancing WebSocket servers and persistent state management.
Install this skill
Security score
The cloudflare-durable-objects skill was audited on Feb 9, 2026 and we found 40 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Direct command execution function call
| 135 | this.sql.exec(` |
Direct command execution function call
| 143 | const cursor = this.sql.exec('INSERT INTO messages (text, created_at) VALUES (?, ?) RETURNING id', text, Date.now()); |
Direct command execution function call
| 148 | return this.sql.exec('SELECT * FROM messages ORDER BY created_at DESC LIMIT ?', limit).toArray(); |
Direct command execution function call
| 154 | - `sql.exec(query, ...params)` → cursor |
Direct command execution function call
| 452 | this.sql.exec('INSERT OR REPLACE INTO session (key, value, expires_at) VALUES (?, ?, ?)', |
Direct command execution function call
| 457 | this.sql.exec('DELETE FROM session WHERE expires_at < ?', Date.now()); |
Direct command execution function call
| 466 | this.sql.exec('INSERT INTO leader (id, worker_id, elected_at) VALUES (1, ?, ?)', workerId, Date.now()); |
Direct command execution function call
| 521 | this.sql.exec('SELECT * FROM table WHERE id = ?', id); |
Direct command execution function call
| 748 | this.sql.exec('INSERT INTO test (bool_col) VALUES (?)', value ? 1 : 0); |
Direct command execution function call
| 751 | this.sql.exec(` |
Template literal with variable interpolation in command context
| 69 | return new Response(`Count: ${await stub.increment()}`); |
Template literal with variable interpolation in command context
| 439 | const requests = (await this.ctx.storage.get<number[]>(`rate:${userId}`)) || []; |
Template literal with variable interpolation in command context
| 443 | await this.ctx.storage.put(`rate:${userId}`, valid); |
Template literal with variable interpolation in command context
| 477 | await this.ctx.storage.put(`game:${gameId}`, { created: Date.now() }); |
Fetch to external URL
| 349 | const response = await stub.fetch('https://fake-host/increment', { method: 'POST' }); |
External URL reference
| 14 | **Official Docs**: https://developers.cloudflare.com/durable-objects/ |
External URL reference
| 349 | const response = await stub.fetch('https://fake-host/increment', { method: 'POST' }); |
External URL reference
| 588 | **Source**: https://developers.cloudflare.com/durable-objects/get-started/ |
External URL reference
| 598 | **Source**: https://developers.cloudflare.com/durable-objects/reference/durable-objects-migrations/ |
External URL reference
| 611 | **Source**: https://developers.cloudflare.com/durable-objects/api/sqlite-storage-api/ |
External URL reference
| 617 | **Source**: https://developers.cloudflare.com/durable-objects/best-practices/access-durable-objects-storage/ |
External URL reference
| 631 | **Source**: https://developers.cloudflare.com/durable-objects/concepts/durable-object-lifecycle/ |
External URL reference
| 644 | **Source**: https://developers.cloudflare.com/durable-objects/best-practices/websockets/ |
External URL reference
| 659 | **Source**: [Cloudflare Docs](https://developers.cloudflare.com/durable-objects/best-practices/websockets/) | [GitHub Issue #4864](https://github.com/cloudflare/workerd/issues/4864) |
External URL reference
| 670 | **Source**: https://developers.cloudflare.com/durable-objects/platform/known-issues/#global-uniqueness |
External URL reference
| 676 | **Source**: [KV Storage API](https://developers.cloudflare.com/durable-objects/api/legacy-kv-storage-api/) | [GitHub Issue #2993](https://github.com/cloudflare/workerd/issues/2993) |
External URL reference
| 692 | **Source**: https://developers.cloudflare.com/durable-objects/get-started/ |
External URL reference
| 704 | **Source**: https://developers.cloudflare.com/durable-objects/platform/pricing/ |
External URL reference
| 710 | **Source**: https://developers.cloudflare.com/workers/configuration/versions-and-deployments/gradual-deployments/ |
External URL reference
| 716 | **Source**: https://developers.cloudflare.com/durable-objects/reference/data-location/ |
External URL reference
| 722 | **Source**: https://developers.cloudflare.com/durable-objects/api/alarms/ |
External URL reference
| 737 | **Source**: https://developers.cloudflare.com/durable-objects/concepts/durable-object-lifecycle/ |
External URL reference
| 819 | - **Durable Objects**: https://developers.cloudflare.com/durable-objects/ |
External URL reference
| 820 | - **State API (SQL)**: https://developers.cloudflare.com/durable-objects/api/sqlite-storage-api/ |
External URL reference
| 821 | - **WebSocket Hibernation**: https://developers.cloudflare.com/durable-objects/best-practices/websockets/ |
External URL reference
| 822 | - **Alarms API**: https://developers.cloudflare.com/durable-objects/api/alarms/ |
External URL reference
| 823 | - **Migrations**: https://developers.cloudflare.com/durable-objects/reference/durable-objects-migrations/ |
External URL reference
| 824 | - **Best Practices**: https://developers.cloudflare.com/durable-objects/best-practices/ |
External URL reference
| 825 | - **Pricing**: https://developers.cloudflare.com/durable-objects/platform/pricing/ |
External URL reference
| 833 | 3. Consult official docs: https://developers.cloudflare.com/durable-objects/ |