Skip to main content

mess-server

Provides a REST API for MESS Exchange Server with self-hosted deployment options and event-sourced storage capabilities.

Install this skill

or
31/100

Security score

The mess-server skill was audited on May 29, 2026 and we found 25 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 41

Curl to non-GitHub URL

SourceSKILL.md
41curl -X POST http://localhost:3000/api/v1/exchanges/home/register \
medium line 70

Curl to non-GitHub URL

SourceSKILL.md
70curl http://localhost:3000/api/v1/exchanges/home/requests \
medium line 97

Curl to non-GitHub URL

SourceSKILL.md
97curl -X POST http://localhost:3000/api/v1/exchanges/home/requests \
medium line 121

Curl to non-GitHub URL

SourceSKILL.md
121curl http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
medium line 162

Curl to non-GitHub URL

SourceSKILL.md
162curl -X PATCH http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
medium line 170

Curl to non-GitHub URL

SourceSKILL.md
170curl -X PATCH http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
medium line 184

Curl to non-GitHub URL

SourceSKILL.md
184curl http://localhost:3000/api/v1/exchanges/home/executors \
medium line 210

Curl to non-GitHub URL

SourceSKILL.md
210curl -X PATCH http://localhost:3000/api/v1/exchanges/home/executors/my-phone \
low line 218

Webhook reference - potential data exfiltration

SourceSKILL.md
218{"type": "slack", "webhook_url": "https://hooks.slack.com/..."}
medium line 232

Webhook reference - potential data exfiltration

SourceSKILL.md
232| `slack` | `{"type": "slack", "webhook_url": "https://hooks.slack.com/..."}` |
medium line 233

Webhook reference - potential data exfiltration

SourceSKILL.md
233| `google_chat` | `{"type": "google_chat", "webhook_url": "https://chat.googleapis.com/..."}` |
medium line 234

Webhook reference - potential data exfiltration

SourceSKILL.md
234| `webhook` | `{"type": "webhook", "url": "https://your-server.com/notify"}` |
low line 41

External URL reference

SourceSKILL.md
41curl -X POST http://localhost:3000/api/v1/exchanges/home/register \
low line 70

External URL reference

SourceSKILL.md
70curl http://localhost:3000/api/v1/exchanges/home/requests \
low line 97

External URL reference

SourceSKILL.md
97curl -X POST http://localhost:3000/api/v1/exchanges/home/requests \
low line 121

External URL reference

SourceSKILL.md
121curl http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
low line 162

External URL reference

SourceSKILL.md
162curl -X PATCH http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
low line 170

External URL reference

SourceSKILL.md
170curl -X PATCH http://localhost:3000/api/v1/exchanges/home/requests/2026-02-01-XY1Z \
low line 184

External URL reference

SourceSKILL.md
184curl http://localhost:3000/api/v1/exchanges/home/executors \
low line 210

External URL reference

SourceSKILL.md
210curl -X PATCH http://localhost:3000/api/v1/exchanges/home/executors/my-phone \
low line 218

External URL reference

SourceSKILL.md
218{"type": "slack", "webhook_url": "https://hooks.slack.com/..."}
low line 231

External URL reference

SourceSKILL.md
231| `ntfy` | `{"type": "ntfy", "topic": "your-topic", "server": "https://ntfy.sh"}` |
low line 232

External URL reference

SourceSKILL.md
232| `slack` | `{"type": "slack", "webhook_url": "https://hooks.slack.com/..."}` |
low line 233

External URL reference

SourceSKILL.md
233| `google_chat` | `{"type": "google_chat", "webhook_url": "https://chat.googleapis.com/..."}` |
low line 234

External URL reference

SourceSKILL.md
234| `webhook` | `{"type": "webhook", "url": "https://your-server.com/notify"}` |
Scanned on May 29, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawapibackendbackend-developerdevops-sredata-engineerdockerkubernetesdevelopment
teaguesterling/git-messe-af