grove-auth-integration
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No security issues detected. The automated scanner's alert for 'userinfo.id' is a false positive; it refers to a JavaScript object property access (userinfo.id) in the authentication logic, not a malicious domain.
- [EXTERNAL_DOWNLOADS]: The skill interacts with 'auth-api.grove.place' and 'heartwood.grove.place', which are official services provided by the vendor.
- [COMMAND_EXECUTION]: Provides instructions for using 'wrangler' to manage secrets and database records, which is standard practice for Cloudflare development.
- [SAFE]: The provided code samples correctly implement PKCE (Proof Key for Code Exchange) and state parameter validation to protect against authorization code injection and CSRF attacks.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata