rembric-smoke-tests
Facilitates end-to-end smoke testing for the Rembric dev stack, ensuring changes are verified before PR submission.
Security score: 73/100
The rembric-smoke-tests skill was audited on May 26, 2026 and we found 5 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.
Security Issues
high line 42
Curl to non-GitHub URL
Source: SKILL.md
| 42 | - **HTTP**: `curl … | jq` against `http://localhost:<port>/api/<slug>/…` with `Authorization: Bearer …` and `Content-Type: application/json`. Parse responses with `jq`, not regex. |
low line 14
Access to .env file
Source: SKILL.md
| 14 | [ -f .env ] || cp <main-worktree>/.env .env |
medium line 37
Access to .env file
Source: SKILL.md
| 37 | - Admin bearer: `grep '^REMBRIC_ADMIN_TOKEN=' .env | cut -d= -f2-`. **Never `cat .env`** — the harness blocks it to keep secrets out of the transcript. |
medium line 59
Access to .env file
Source: SKILL.md
| 59 | - **`cat .env` is blocked.** Targeted `grep` only. |
low line 42
External URL reference
Source: SKILL.md
| 42 | - **HTTP**: `curl … | jq` against `http://localhost:<port>/api/<slug>/…` with `Authorization: Bearer …` and `Content-Type: application/json`. Parse responses with `jq`, not regex. |
Scanned on May 26, 2026