chat-widget
Creates a real-time support chat system with a user widget and admin dashboard for effective customer support.
Install this skill
Security score
The chat-widget skill was audited on Mar 8, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 590 | const ws = new WebSocket(`${websocketUrl}?chat_id=${chat.id}`) |
Template literal with variable interpolation in command context
| 642 | <span className={`w-2 h-2 rounded-full ${connected ? 'bg-green-500' : 'bg-gray-400'}`} /> |
Template literal with variable interpolation in command context
| 646 | <div key={m.id} className={`p-2 rounded ${m.sender_type === 'user' ? 'bg-blue-100 ml-auto' : 'bg-gray-100'}`}> |
Template literal with variable interpolation in command context
| 709 | await pusher.trigger(`support-chat-${chatId}`, 'new-message', messageData) |
Template literal with variable interpolation in command context
| 712 | const channel = pusher.subscribe(`support-chat-${chatId}`) |
Template literal with variable interpolation in command context
| 788 | ws = new WebSocket(`/ws/chat?id=${chat.value?.id}`) |
Fetch to external URL
| 268 | fetch('/support_chat') |
Fetch to external URL
| 294 | fetch('/support_chat/mark_read', { method: 'PATCH' }) |
Fetch to external URL
| 582 | fetch('/api/support_chat').then(r => r.json()).then(data => { |
Fetch to external URL
| 784 | const res = await fetch('/api/support-chat') |
Fetch to external URL
| 891 | fetch('/api/support-chat/messages?since=' + lastMessageTime) |
Install this skill with one command
/learn @shpigford/chat-widget