rivetkit-client-javascript

Provides guidance for building JavaScript clients that connect to Rivet Actors, enabling action calls and connection management.

Install this skill

78/100

Security score

The rivetkit-client-javascript skill was audited on Jun 24, 2026 and we found 8 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 240

Template literal with variable interpolation in command context

SourceSKILL.md

240	Don't build keys with string interpolation like `"org:${userId}"` when `userId` contains user data. Use arrays instead to prevent key injection attacks.

low line 164

Fetch to external URL

SourceSKILL.md

164	const response = await handle.fetch("history");

low line 277

Fetch to external URL

SourceSKILL.md

277	const response = await handle.fetch("/healthz", {

low line 35

External URL reference

SourceSKILL.md

35	endpoint: "https://my-namespace:[email protected]",

low line 217

External URL reference

SourceSKILL.md

217	const client = createClient<typeof registry>("http://localhost:6420");

low line 251

External URL reference

SourceSKILL.md

251	Defaults to `http://localhost:6420` when unset. RivetKit runs on port 6420 by default.

low line 258

External URL reference

SourceSKILL.md

258	https://namespace:[email protected]

low line 297

External URL reference

SourceSKILL.md

297	Package: [rivetkit](https://www.npmjs.com/package/rivetkit)

Scanned on Jun 24, 2026

View Security Dashboard

Installation guide →

GitHub Stars 17

Rate this skill

Categorydevelopment

UpdatedJune 24, 2026

openclaw api backend frontend-developer backend-developer fullstack-developer devops-sre product-manager development product

rivet-dev/skills