timeplus-app-builder
Facilitates the creation and installation of Timeplus apps by packaging SQL resources and dashboards into installable units.
Install this skill
or
65/100
Security score
The timeplus-app-builder skill was audited on Jun 6, 2026 and we found 15 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 54
Curl to non-GitHub URL
SourceSKILL.md
| 54 | curl -X POST http://localhost:8000/default/api/v1beta2/apps/install \ |
medium line 61
Curl to non-GitHub URL
SourceSKILL.md
| 61 | curl -X POST http://localhost:8000/default/api/v1beta2/apps/install \ |
low line 739
Webhook reference - potential data exfiltration
SourceSKILL.md
| 739 | url = '{{ .Config.slack_webhook_url }}' |
medium line 783
Webhook reference - potential data exfiltration
SourceSKILL.md
| 783 | An `alert` monitors a streaming query and calls a Python UDF when the condition is met. Use it to send notifications (Slack, email, webhook) or trigger external actions. |
medium line 258
Access to .env file
SourceSKILL.md
| 258 | | `upper s` | `upper .Config.env` | `PRODUCTION` | |
medium line 259
Access to .env file
SourceSKILL.md
| 259 | | `lower s` | `lower .Config.env` | `production` | |
low line 422
Base64 decode operation
SourceSKILL.md
| 422 | b64 = base64.b64encode(svg.encode()).decode() |
low line 7
External URL reference
SourceSKILL.md
| 7 | install API (default http://localhost:8000/<tenant>/api/v1beta2/apps/install). |
low line 54
External URL reference
SourceSKILL.md
| 54 | curl -X POST http://localhost:8000/default/api/v1beta2/apps/install \ |
low line 61
External URL reference
SourceSKILL.md
| 61 | curl -X POST http://localhost:8000/default/api/v1beta2/apps/install \ |
low line 227
External URL reference
SourceSKILL.md
| 227 | Both DDL (`{{ }}`) and dashboard (`[[ ]]`) templates have the full [Sprig](https://masterminds.github.io/sprig/) function library available — the same library used by Helm. Use these to manipulate con |
low line 267
External URL reference
SourceSKILL.md
| 267 | Full function reference: https://masterminds.github.io/sprig/ |
low line 386
External URL reference
SourceSKILL.md
| 386 | <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48"> |
low line 421
External URL reference
SourceSKILL.md
| 421 | svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48">...</svg>' |
low line 851
External URL reference
SourceSKILL.md
| 851 | NEUTRON_URL ?= http://localhost:8000 |
Scanned on Jun 6, 2026
View Security Dashboard