NYC

clerk-auth

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references and utilizes official, reputable Clerk SDKs (@clerk/nextjs, @clerk/clerk-react, @clerk/backend) and standard web development dependencies (React, Vite, Hono) from the npm registry. No suspicious or unverifiable external dependencies were found.
  • [COMMAND_EXECUTION] (SAFE): A functional utility script scripts/generate-session-token.js is included for developer testing. It follows security best practices by requiring secrets (CLERK_SECRET_KEY) through environment variables rather than hardcoding them and communicates only with the official api.clerk.com endpoint.
  • [DATA_EXFILTRATION] (SAFE): Analysis of the included scripts and templates shows no evidence of unauthorized data collection or exfiltration. The skill provides guidance on setting up authorizedParties and secure environment variable prefixes (e.g., VITE_ prefix) to prevent accidental credential leakage.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill provides static templates for JWT configuration and middleware. It does not contain data ingestion surfaces that process untrusted external inputs at runtime, mitigating the risk of indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:59 PM