purch-api
Enables AI-powered product searches and crypto checkouts, integrating e-commerce features for seamless shopping experiences.
Security score
The purch-api skill was audited on Feb 9, 2026 and we found 39 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
Template literal with variable interpolation in command context
| 409 | privateKey: `0x${string}` |
Template literal with variable interpolation in command context
| 420 | const tx = parseTransaction(serializedTransaction as `0x${string}`); |
Template literal with variable interpolation in command context
| 440 | const tx = parseTransaction(serializedTransaction as `0x${string}`); |
Template literal with variable interpolation in command context
| 485 | console.log(`Order ${orderId} paid. Tx: ${signature}`); |
Template literal with variable interpolation in command context
| 522 | const tx = parseTransaction(serializedTransaction as `0x${string}`); |
Template literal with variable interpolation in command context
| 525 | console.log(`Order ${orderId} paid. Tx: ${hash}`); |
Curl to non-GitHub URL
| 30 | curl "https://api.purch.xyz/search?q=headphones&priceMax=100" |
Curl to non-GitHub URL
| 69 | curl -X POST "https://api.purch.xyz/shop" \ |
Curl to non-GitHub URL
| 121 | curl -X POST "https://api.purch.xyz/buy" \ |
Curl to non-GitHub URL
| 142 | curl -X POST "https://api.purch.xyz/buy" \ |
Curl to non-GitHub URL
| 161 | curl -X POST "https://api.purch.xyz/buy" \ |
Fetch to external URL
| 452 | const searchResponse = await fetch("https://api.purch.xyz/shop", { |
Fetch to external URL
| 460 | const orderResponse = await fetch("https://api.purch.xyz/buy", { |
Fetch to external URL
| 494 | const searchResponse = await fetch("https://api.purch.xyz/shop", { |
Fetch to external URL
| 502 | const orderResponse = await fetch("https://api.purch.xyz/buy", { |
External URL reference
| 14 | Base URL: `https://api.purch.xyz` |
External URL reference
| 30 | curl "https://api.purch.xyz/search?q=headphones&priceMax=100" |
External URL reference
| 53 | "imageUrl": "https://...", |
External URL reference
| 54 | "productUrl": "https://amazon.com/dp/B0CXYZ1234", |
External URL reference
| 69 | curl -X POST "https://api.purch.xyz/shop" \ |
External URL reference
| 97 | "imageUrl": "https://...", |
External URL reference
| 98 | "productUrl": "https://amazon.com/dp/B09XYZ123", |
External URL reference
| 106 | "productUrl": "https://allbirds.com/products/tree-runners", |
External URL reference
| 121 | curl -X POST "https://api.purch.xyz/buy" \ |
External URL reference
| 142 | curl -X POST "https://api.purch.xyz/buy" \ |
External URL reference
| 161 | curl -X POST "https://api.purch.xyz/buy" \ |
External URL reference
| 164 | "productUrl": "https://store.com/products/item-name", |
External URL reference
| 187 | "imageUrl": "https://...", |
External URL reference
| 191 | "checkoutUrl": "https://www.crossmint.com/checkout/550e8400..." |
External URL reference
| 243 | bun run scripts/buy.ts --url "https://store.com/products/item" --variant 41913945718867 \ |
External URL reference
| 260 | bun run scripts/buy_and_sign.ts --url "https://store.com/products/item" --variant 41913945718867 \ |
External URL reference
| 298 | Explorer: https://solscan.io/tx/5UfgJ3vN... |
External URL reference
| 305 | Explorer: https://basescan.org/tx/0x1234... |
External URL reference
| 390 | client = Client("https://api.mainnet-beta.solana.com") |
External URL reference
| 424 | console.log("Explorer: https://basescan.org/tx/" + hash); |
External URL reference
| 452 | const searchResponse = await fetch("https://api.purch.xyz/shop", { |
External URL reference
| 460 | const orderResponse = await fetch("https://api.purch.xyz/buy", { |
External URL reference
| 494 | const searchResponse = await fetch("https://api.purch.xyz/shop", { |
External URL reference
| 502 | const orderResponse = await fetch("https://api.purch.xyz/buy", { |