setup-zoom-websockets
Facilitates low-latency event workflows for Zoom using WebSockets, enhancing real-time communication and security.
Install this skill
Security score
The setup-zoom-websockets skill was audited on May 18, 2026 and we found 21 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 72 | const credentials = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString('base64'); |
Template literal with variable interpolation in command context
| 82 | 'Authorization': `Basic ${credentials}`, |
Template literal with variable interpolation in command context
| 96 | const wsUrl = `wss://ws.zoom.us/ws?subscriptionId=${SUBSCRIPTION_ID}&access_token=${accessToken}`; |
Template literal with variable interpolation in command context
| 111 | console.log(`Meeting started: ${event.payload.object.topic}`); |
Template literal with variable interpolation in command context
| 114 | console.log(`Meeting ended: ${event.payload.object.uuid}`); |
Template literal with variable interpolation in command context
| 117 | console.log(`Participant joined: ${event.payload.object.participant.user_name}`); |
Template literal with variable interpolation in command context
| 123 | console.log(`Connection closed: ${code} - ${reason}`); |
Webhook reference - potential data exfiltration
| 3 | description: Reference skill for Zoom WebSockets. Use after routing to a low-latency event workflow when persistent connections, faster event delivery, or security constraints make WebSockets preferab |
Webhook reference - potential data exfiltration
| 14 | Background reference for persistent Zoom event streams. Prefer workflow routing first, then use this file when WebSockets are plausibly better than webhooks. |
Webhook reference - potential data exfiltration
| 16 | ## WebSockets vs Webhooks |
Webhook reference - potential data exfiltration
| 18 | | Aspect | WebSockets | Webhooks | |
Webhook reference - potential data exfiltration
| 33 | **Choose Webhooks when:** |
Webhook reference - potential data exfiltration
| 139 | Events received via WebSocket have the same format as webhook events: |
Webhook reference - potential data exfiltration
| 244 | - **Webhooks comparison**: https://www.zoom.com/en/blog/a-guide-to-webhooks-and-websockets/ |
Access to .env file
| 249 | - See [references/environment-variables.md](references/environment-variables.md) for standardized `.env` keys and where to find each value. |
External URL reference
| 40 | - Server-to-Server OAuth app in [Zoom Marketplace](https://marketplace.zoom.us/) |
External URL reference
| 52 | 1. Go to [Zoom Marketplace](https://marketplace.zoom.us/develop/create) |
External URL reference
| 75 | 'https://zoom.us/oauth/token', |
External URL reference
| 243 | - **WebSockets docs**: https://developers.zoom.us/docs/api/websockets/ |
External URL reference
| 244 | - **Webhooks comparison**: https://www.zoom.com/en/blog/a-guide-to-webhooks-and-websockets/ |
External URL reference
| 245 | - **Developer forum**: https://devforum.zoom.us/ |