clerk-auth
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides extensive documentation on security best practices, such as preventing CSRF attacks by requiring the 'authorizedParties' configuration and managing JWT size limits to avoid authentication failures.
- [EXTERNAL_DOWNLOADS]: The 'clerk-setup' agent facilitates the installation of official Clerk SDKs (@clerk/nextjs, @clerk/backend, etc.) and helper libraries like 'svix' (used for webhook verification), all from the standard npm registry.
- [COMMAND_EXECUTION]: Includes a utility script ('scripts/generate-session-token.js') designed to help developers generate test session tokens via the official Clerk API for local testing and CI/CD pipelines.
- [DATA_EXPOSURE]: Documentation and environment variable templates correctly emphasize the importance of keeping 'CLERK_SECRET_KEY' private and provide clear instructions on using framework-specific prefixes to prevent accidental exposure of secrets to the client side.
Audit Metadata