ClawGuard
ClawGuard Security Report

demo/clawguard-showcase

PR #1: [Demo] Checkout, webhooks, exports — full ClawGuard showcase
Status: Audited (3/28/2026, 10:18:00 AM)
Executive summary

This showcase PR adds checkout, webhooks, exports, and auth touchpoints. The scan surfaced a CRITICAL injection issue, a HIGH-severity credential-in-source finding, additional HIGH/MEDIUM items (XSS surface, brute-force risk, CSRF, path traversal, SSRF), plus quality, architecture, testing, and documentation gaps on the payment path.

Score: 61 / 100 (Grade D)

Critical: 1, High: 4, Medium: 6, Low: 4, Info: 1

16 findings across 3 pipeline stage(s)

OWASP Top 10 Distribution

[chart: findings by severity; legend Critical, High, Medium, Low, Info]

What this team keeps doing
  • String-built SQL in data layer (Elevated)
    Third hit this quarter in `lib/db/*` — add a lint or enforced query helper.
  • Secrets in `lib/env` fallbacks (Elevated)
    Matches prior incident in PR #88 — forbid non-empty defaults for credential envs.
  • API routes without CSRF on mutating POST
    Same gap as `app/api/cart/route.ts` (#412); standardize middleware.