clerk-security-basics
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides correct guidance on managing Clerk secrets, emphasizing that secret keys must remain server-side and be excluded from version control via .gitignore.
- [SAFE]: Middleware and API route examples implement appropriate authentication and authorization checks, including route protection and permission-based access control.
- [SAFE]: The skill demonstrates secure webhook handling: incoming Clerk webhooks are verified against their signature with the Svix library before the payload is trusted, and an idempotency check ensures a replayed delivery of an already-processed event is not acted on twice.
- [SAFE]: Recommended security headers are properly implemented: Content Security Policy limits where scripts and other resources may load from (mitigating XSS), and X-Frame-Options prevents the app from being framed by other origins (mitigating clickjacking).
Audit Metadata