clerk-nextjs-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The
setup-clerk-nextjs.shscript is used for project initialization. It performs non-malicious tasks such as creating configuration files (proxy.ts,.env.local) and installing official packages. It includes logic to prevent overwriting existing user files. - [EXTERNAL_DOWNLOADS] (SAFE): The skill installs standard, well-maintained packages (
@clerk/nextjs,@vercel/mcp-adapter) from reputable organizations. These downloads are necessary for the skill's stated purpose and do not originate from untrusted sources. - [CREDENTIALS_UNSAFE] (SAFE): The skill provides excellent guidance on managing secrets. It distinguishes between public and secret keys, explicitly warns against committing secret keys to version control, and provides instructions for using
.env.localand.gitignore. - [DATA_EXFILTRATION] (SAFE): No patterns of unauthorized data collection or exfiltration to external domains were found. All network activity is restricted to legitimate authentication flows and dependency management.
- [PROMPT_INJECTION] (SAFE): The skill contains no instructions designed to bypass agent safety filters or override system prompts.
Audit Metadata