TrustStar

Home/Code Scan/expressjs/express← New Analysis

SAFECode Scan Score 73Generic Repository

This skill shows healthy signals. It appears safe to use.

8 finding(s)·50 file(s)·May 25, 2026

Popularity

30%

52/100

Permissions

30%

100/100

Code Safety

25%

55/100

Ecosystem

15%

90/100

Metadata

Nomexpress

Stars69057

Authorexpressjs

Forks23442

Account age12 year(s)

Analyzed files50

Public repos49

Last activityMay 17, 2026

Node.js scripts

Findings (8)

3 HIGH5 INFO

HIGHNET-001Hardcoded URL to unknown domain

A URL pointing to "example.com" is present in the code.

examples/vhost/index.js:39

http://example.com

Recommendation: Document the usage of this domain in SKILL.md.

HIGHNET-005Hardcoded URL to unknown domain

A URL pointing to "api.example.com" is present in the code.

lib/response.js:84

api.example.com (found 4 times)

Recommendation: Document the usage of this domain in SKILL.md.

HIGHNET-006Hardcoded URL to unknown domain

A URL pointing to "example.com" is present in the code.

lib/response.js:786

example.com (found 3 times)

Recommendation: Document the usage of this domain in SKILL.md.

INFONET-002Uses HTTP library (http/https)

The http/https library is used for HTTP requests — standard practice.

examples/view-constructor/github-view.js:45

http/https

Recommendation: Ensure all network destinations are documented in SKILL.md.

INFONET-003Network call to known service (github.com)

HTTP call to a documented trusted service.

examples/web-service/index.js:54

github.com (found 3 times)

Recommendation: Verify that the URL matches the declared usage.

INFONET-004Network call to known service (github.com)

HTTP call to a documented trusted service.

lib/application.js:283

https://github.com

Recommendation: Verify that the URL matches the declared usage.

INFOFS-001File read

The code reads files or directories.

examples/markdown/index.js:18

fs.readFile(path, 'utf8', function(err, str){

Recommendation: Verify that only expected files are read.

INFOMETA-001No SKILL.md found

This repository was analyzed as a generic codebase, not a registered OpenClaw skill.

(repository root)

SKILL.md not present

Recommendation: Add a SKILL.md to declare this as an OpenClaw skill and document its permissions.

Analyzed files (50)

examples/auth/index.js

examples/content-negotiation/db.js

examples/content-negotiation/index.js

examples/content-negotiation/users.js

examples/cookie-sessions/index.js

examples/cookies/index.js

examples/downloads/index.js

examples/ejs/index.js

examples/error-pages/index.js

examples/error/index.js

examples/hello-world/index.js

examples/markdown/index.js

examples/multi-router/controllers/api_v1.js

examples/multi-router/controllers/api_v2.js

examples/multi-router/index.js

examples/mvc/controllers/main/index.js

examples/mvc/controllers/pet/index.js

examples/mvc/controllers/user-pet/index.js

examples/mvc/controllers/user/index.js

examples/mvc/db.js

examples/mvc/index.js

examples/mvc/lib/boot.js

examples/online/index.js

examples/params/index.js

examples/resource/index.js

examples/route-map/index.js

examples/route-middleware/index.js

examples/route-separation/index.js

examples/route-separation/post.js

examples/route-separation/site.js

examples/route-separation/user.js

examples/search/index.js

examples/search/public/client.js

examples/session/index.js

examples/session/redis.js

examples/static-files/index.js

examples/static-files/public/js/app.js

examples/vhost/index.js

1 HIGH

examples/view-constructor/github-view.js

examples/view-constructor/index.js

examples/view-locals/index.js

examples/view-locals/user.js

examples/web-service/index.js

index.js

lib/application.js

lib/express.js

lib/request.js

lib/response.js

2 HIGH

lib/utils.js

lib/view.js