Skip to main content

real-time-features

Enables real-time functionality in applications using WebSockets and SSE for instant updates in chat, dashboards, and collaborative tools.

Install this skill

or
36/100

Security score

The real-time-features skill was audited on Mar 1, 2026 and we found 16 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 69

Template literal with variable interpolation in command context

SourceSKILL.md
69console.log(`WebSocket server running on port ${port}`);
medium line 79

Template literal with variable interpolation in command context

SourceSKILL.md
79console.log(`New connection: ${clientId}`);
medium line 95

Template literal with variable interpolation in command context

SourceSKILL.md
95console.error(`WebSocket error for ${clientId}:`, error);
medium line 222

Template literal with variable interpolation in command context

SourceSKILL.md
222console.log(`Client disconnected: ${clientId}`);
medium line 320

Template literal with variable interpolation in command context

SourceSKILL.md
320`Reconnecting... (${reconnectCountRef.current}/${reconnectAttempts})`
medium line 443

Template literal with variable interpolation in command context

SourceSKILL.md
443console.log(`Client ${id} connected. Total: ${this.clients.length}`);
medium line 448

Template literal with variable interpolation in command context

SourceSKILL.md
448console.log(`Client ${id} disconnected. Total: ${this.clients.length}`);
medium line 454

Template literal with variable interpolation in command context

SourceSKILL.md
454client.res.write(`data: ${JSON.stringify(data)}\n\n`);
medium line 459

Template literal with variable interpolation in command context

SourceSKILL.md
459const message = `data: ${JSON.stringify(data)}\n\n`;
medium line 468

Template literal with variable interpolation in command context

SourceSKILL.md
468const message = `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`;
medium line 595

Template literal with variable interpolation in command context

SourceSKILL.md
595console.log(`User connected: ${socket.id}`);
medium line 626

Template literal with variable interpolation in command context

SourceSKILL.md
626console.log(`User disconnected: ${socket.id}`);
low line 577

Access to .env file

SourceSKILL.md
577origin: process.env.CLIENT_URL || 'http://localhost:3000',
low line 557

External URL reference

SourceSKILL.md
557client.connect('http://localhost:3000/events', {
low line 577

External URL reference

SourceSKILL.md
577origin: process.env.CLIENT_URL || 'http://localhost:3000',
low line 701

External URL reference

SourceSKILL.md
701- [Socket.IO Documentation](https://socket.io/docs/)
Scanned on Mar 1, 2026
View Security Dashboard

Install this skill with one command

/learn @opendcai/real-time-features
GitHub Stars 23
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawapibackendfrontend-developerbackend-developerfullstack-developerproduct-managerux-designerdevelopmentproductdesign
OpenDCAI/leonai