upstash
Facilitates building serverless applications with Upstash Redis, enabling caching, rate limiting, and durable workflows.
Install this skill
Security score
The upstash skill was audited on May 12, 2026 and we found 14 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 40 | const cached = await redis.get<User>(`user:${userId}`); |
Template literal with variable interpolation in command context
| 44 | await redis.set(`user:${userId}`, user, { ex: 3600 }); // 1 hour TTL |
Template literal with variable interpolation in command context
| 71 | await redis.hset(`session:${sessionId}`, { userId: "42", role: "admin", cart: JSON.stringify(items) }); |
Template literal with variable interpolation in command context
| 72 | const session = await redis.hgetall(`session:${sessionId}`); |
Template literal with variable interpolation in command context
| 73 | await redis.expire(`session:${sessionId}`, 86400); // 24h TTL |
Webhook reference - potential data exfiltration
| 103 | // Callback URL (webhook when processing completes) |
Access to .env file
| 81 | const qstash = new Client({ token: process.env.QSTASH_TOKEN! }); |
External URL reference
| 85 | url: "https://myapp.vercel.app/api/process-order", |
External URL reference
| 93 | url: "https://myapp.vercel.app/api/daily-report", |
External URL reference
| 99 | { url: "https://myapp.vercel.app/api/send-email", body: { to: "[email protected]" } }, |
External URL reference
| 100 | { url: "https://myapp.vercel.app/api/send-email", body: { to: "[email protected]" } }, |
External URL reference
| 105 | url: "https://myapp.vercel.app/api/long-task", |
External URL reference
| 107 | callback: "https://myapp.vercel.app/api/task-complete", |
External URL reference
| 108 | failureCallback: "https://myapp.vercel.app/api/task-failed", |