zoom-oauth
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- Security Best Practices: The skill provides detailed guidance on implementing PKCE (Proof Key for Code Exchange) for public clients and using the `state` parameter to prevent CSRF (Cross-Site Request Forgery) attacks. These are industry-standard security measures.
- Trusted External References: Documentation and sample code links point to official Zoom domains (`developers.zoom.us`, `marketplace.zoom.us`) and Zoom's official GitHub repositories (`github.com/zoom/*`). These are well-known and appropriate resources for this skill's context.
- Credential Management: The skill uses placeholders for sensitive information (e.g., `{CLIENT_ID}`, `{CLIENT_SECRET}`) and correctly advises users to store secrets in environment variables and encrypt them at rest rather than hardcoding them.
- Token Lifecycle Handling: The instructions correctly describe token rotation and expiration behavior for Zoom's OAuth 2.0 implementation, providing code examples that demonstrate how to handle these events securely using standard Node.js libraries.
- Benign Command Examples: Bash examples provided in the documentation (using `curl`) are for illustrative purposes to test API connectivity and are standard in technical documentation.
Audit Metadata