Skills
skills/jezweb/claude-skills/clerk-auth/Gen Agent Trust Hub

clerk-auth

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The agent definition in agents/clerk-setup.md includes commands like grep -r 'CLERK' .env* and grep -r 'CLERK' wrangler.jsonc that automatically search for and read sensitive configuration and environment files to extract secrets.
  • [Command Execution] (MEDIUM): Multiple files (agents/clerk-setup.md, commands/setup.md, templates/vite/package.json) use shell commands or Node.js environment variables to execute binaries like npm, npx, and wrangler, or to modify server configuration (NODE_OPTIONS).
  • [Credentials Unsafe] (MEDIUM): The script scripts/generate-session-token.js and various setup guides require the use of CLERK_SECRET_KEY. While necessary for functionality, the utility script transmits these secrets to the external Clerk API (api.clerk.com), which is not on the trusted whitelist.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:43 PM