tinybird
Enables the creation of real-time analytics APIs using Tinybird, allowing for fast data ingestion and SQL querying over HTTP.
Install this skill
Security score
The tinybird skill was audited on Mar 7, 2026 and we found 11 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 70 | await fetch(`${TINYBIRD_URL}?name=events`, { |
Template literal with variable interpolation in command context
| 72 | headers: { Authorization: `Bearer ${TINYBIRD_TOKEN}` }, |
Template literal with variable interpolation in command context
| 136 | { headers: { Authorization: `Bearer ${TINYBIRD_TOKEN}` } } |
Template literal with variable interpolation in command context
| 144 | `https://api.tinybird.co/v0/pipes/user_activity.json?user_id=${userId}&days=${days}`, |
Template literal with variable interpolation in command context
| 145 | { headers: { Authorization: `Bearer ${TINYBIRD_TOKEN}` } } |
Fetch to external URL
| 134 | const res = await fetch( |
Access to .env file
| 63 | const TINYBIRD_TOKEN = process.env.TINYBIRD_TOKEN; |
External URL reference
| 62 | const TINYBIRD_URL = "https://api.tinybird.co/v0/events"; |
External URL reference
| 106 | -- GET https://api.tinybird.co/v0/pipes/daily_active_users.json |
External URL reference
| 135 | "https://api.tinybird.co/v0/pipes/daily_active_users.json", |
External URL reference
| 144 | `https://api.tinybird.co/v0/pipes/user_activity.json?user_id=${userId}&days=${days}`, |
Install this skill with one command
/learn @terminalskills/tinybird