sharp-edges

Identifies dangerous API footguns and surprising behaviors in codebases, enhancing code review processes for safer development.

Install this skill

68/100

Security score

The sharp-edges skill was audited on May 20, 2026 and we found 6 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 54

Template literal with variable interpolation in command context

SourceSKILL.md

54	if (!res.ok) throw new Error(`HTTP ${res.status}`)

medium line 147

Template literal with variable interpolation in command context

SourceSKILL.md

147	db.query(`SELECT * FROM users WHERE name LIKE '%${input}%'`)

low line 53

Fetch to external URL

SourceSKILL.md

53	const res = await fetch('/api') // 404 doesn't throw!

high line 133

Access to /etc/passwd

SourceSKILL.md

133	path.join('/uploads', userInput) // '../../../etc/passwd' works!

medium line 133

Path traversal to sensitive directory

SourceSKILL.md

133	path.join('/uploads', userInput) // '../../../etc/passwd' works!

low line 123

External URL reference

SourceSKILL.md

123	new URL('http://evil.com\\@good.com') // Different browsers parse differently

Scanned on May 20, 2026

View Security Dashboard

Installation guide →

GitHub Stars 493

Rate this skill

Categorydevelopment

UpdatedJune 10, 2026

openclaw backend testing backend-developer devops-sre security-engineer qa-engineer data-engineer development

vibeeval/vibecosystem