clerk-backend-api

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is verified as safe. It implements proactive security measures, including mandatory environment variable checks and human-in-the-loop confirmations for sensitive operations.
  • [EXTERNAL_DOWNLOADS]: API specifications are retrieved from raw.githubusercontent.com/clerk/openapi-specs. This is a trusted source associated with a well-known service, used solely for retrieving endpoint definitions.
  • [REMOTE_CODE_EXECUTION]: Automated alerts regarding remote code execution were investigated. The skill pipes remote YAML specifications into local parsing scripts (e.g., extract-tags.js) for data extraction. This is a standard parsing workflow and does not involve executing remote code.
  • [CREDENTIALS_UNSAFE]: Although the skill handles sensitive CLERK_SECRET_KEY credentials, it includes explicit instructions for the agent to verify the key's existence and check CLERK_BAPI_SCOPES permissions before attempting any write or delete operations.
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the official Clerk API at api.clerk.com. All commands are transparently listed in the instructions and are consistent with the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 05:01 AM