clerk-backend-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to run and construct curl commands using CLERK_SECRET_KEY (including an explicit echo/check of the variable and instructions to substitute the secret from the user's context), which forces the LLM to read and potentially embed secret values (or their prefixes) in its outputs/commands, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches OpenAPI specs at runtime from https://raw.githubusercontent.com/clerk/openapi-specs/main/bapi/${version_name} (and lists versions via https://api.github.com/repos/clerk/openapi-specs/contents/bapi), and those fetched YAML specs are piped into local extractor scripts to determine endpoints and execution logic—so remote content directly controls the agent's behavior and is required for non-fast-path operations.