clerk-prod-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill primarily serves as a procedural guide for developers.
- [COMMAND_EXECUTION]: The skill includes a bash validation script and CLI snippets designed to verify environment variable prefixes (e.g., checking for 'pk_live_') and file existence. These operations are performed locally and do not involve remote code execution or suspicious subprocess spawning.
- [DATA_EXFILTRATION]: No data exfiltration patterns were found. The skill actively encourages security best practices, such as moving secret keys from environment files to secure secret managers and removing hardcoded credentials.
Audit Metadata