Skills
skills/midudev/autoskills/clerk-chrome-extension-patterns/Gen Agent Trust Hub

clerk-chrome-extension-patterns

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a developer guide for implementing authentication in Chrome extensions. All provided code snippets and instructions follow standard security practices for the mentioned tools (Clerk, Plasmo).
  • [EXTERNAL_DOWNLOADS]: The template package.json includes standard, well-known dependencies from the NPM registry: @clerk/chrome-extension, plasmo, react, and react-dom.
  • [DATA_EXFILTRATION]: The documentation explains how to configure host_permissions in the extension manifest. This is a necessary configuration to allow the extension to read authentication cookies from a specific web app domain (the syncHost feature), which is the intended and documented behavior.
  • [CREDENTIALS_UNSAFE]: All sensitive configuration values, such as API keys and secrets, are represented using clearly labeled placeholders (e.g., pk_test_..., YOUR_SECRET_KEY) or instructions to use environment variables, following secure development practices.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:00 AM