Member Badges

Reward members with earnable badges — first post, milestones, reactions received, founding member and more. Auto-awarded as members participate, shown on their profile.

AI security review

Reviewed safe · 96/100
A well-structured badge extension using standard Laravel patterns. Admin routes are protected by auth/admin middleware, inputs are validated, SQL uses query builder/Eloquent with casting, and output is HTML-escaped. No RCE, SSRF, exfil, or dangerous dynamic code found.
  • low · Public endpoint returns badge data — GET /api/ext/badges/user/{userId} is public (web middleware only) and returns a user's badges; this is intended behavior for profile display and exposes only non-sensitive badge metadata. The userId is cast to int and constrained to numeric, so no injection.
  • low · Client-side inline styling from API color field — assets/forum.js builds inline CSS using b.color directly. Badge colors are constrained server-side by a hex regex on save/create, so injection risk is low, but the JS itself does not re-validate color before concatenating into style strings.

Automated review of v1.1.1 by claude-opus-4-8 1 week ago. This is an automated signal to aid your judgment — not a guarantee.