Filtalgo Shopping

The skill provides a shopping CLI for the Filtalgo platform but contains significant security vulnerabilities. Specifically, the bundled code in 'assets/filtalgo-cli.cjs' (within modules 'auth.js' and 'api.js') explicitly disables SSL certificate validation by setting 'rejectUnauthorized: false', which exposes users to man-in-the-middle attacks. Additionally, an OAuth client secret is hardcoded in 'config.js'. While these flaws are high-risk, they appear to be unintentional development oversights rather than intentional malware, as the tool's behavior remains consistent with its stated purpose of managing shopping flows and orders.