AgentAudit Security Audit Report
| Metric | Value |
|---|---|
| Package | BenedictKing--context7-auto-research |
| Risk Score | 17/100 |
| Result | safe |
| Findings | 5 total (0 critical, 0 high, 3 medium, 2 low) |
Findings Summary
- MEDIUM - API key exposed through environment variable read (.claude/skills/context7-auto-research/context7-api.cjs:17)
- MEDIUM - Overly broad Bash tool permission in SKILL.md (.claude/skills/context7-auto-research/SKILL.md:8)
- MEDIUM - No dependency pinning or lockfile (package.json:24)
- LOW - User-Agent string reveals skill usage (.claude/skills/context7-auto-research/context7-api.cjs:44)
- LOW - No input validation on query parameters (.claude/skills/context7-auto-research/context7-api.cjs:103)
Details
1. API Key Exposure Risk (MEDIUM)
The script reads CONTEXT7_API_KEY from environment variables and .env files. While this is standard practice, the lack of rate limiting on the skill side could allow malicious queries to exhaust API quotas. Consider implementing local caching and rate limiting to prevent abuse.
2. Overly Broad Bash Permissions (MEDIUM)
The SKILL.md declares unrestricted Bash tool access. While the current implementation only calls context7-api.cjs, this permission could be abused in future updates or if the skill is compromised. Consider restricting to specific commands or using a custom tool wrapper.
3. Supply Chain Risk (MEDIUM)
The package has no external dependencies (good!) but lacks a package-lock.json for reproducible installs. This could expose users to dependency confusion attacks if dependencies are added later.
4. Information Disclosure (LOW)
The User-Agent header Context7-Skill/1.0 identifies Claude Code users, which could enable fingerprinting. Additionally, no JSON schema validation is performed on API responses.
5. Missing Input Validation (LOW)
Command-line arguments (libraryName, query) are not validated for length or content. While URLSearchParams provides encoding, excessive inputs could consume API quota or cause unexpected behavior.
Recommendations
- Add rate limiting: Implement client-side throttling to prevent API quota exhaustion
- Restrict Bash permissions: Document specific commands or use a custom tool wrapper
- Add input validation: Enforce length limits and sanitize inputs
- Implement response validation: Add JSON schema checks for API responses
- Add package-lock.json: Ensure reproducible installations
- Add timeout handling: Prevent hanging HTTP requests
Full Report
View the complete audit report with details, evidence, and remediation guidance:
AgentAudit Report
This audit was performed automatically by AgentAudit, the security registry for AI agent packages. If you believe any finding is incorrect, you can dispute it on the platform.