saleor-app
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a developer guide for the Saleor platform. It provides clear instructions on implementing secure authentication flows, including the app registration handshake and JWT verification for Dashboard requests.
- [SAFE]: The documentation correctly differentiates between 'App scope' (high-privileged server-side tokens) and 'User scope' (limited client-side tokens), explicitly warning against exposing sensitive app tokens to the browser.
- [SAFE]: The skill mandates cryptographic signature verification for all incoming webhooks using JWS/JWKS, ensuring that data received from Saleor or external services like Stripe is authentic and untampered.
- [SAFE]: Security best practices are promoted throughout, such as using the EncryptedMetadataManager for sensitive settings (API keys, secrets) and implementing domain allowlisting for multi-tenant applications.
- [SAFE]: All identified dependencies (e.g., @saleor/app-sdk, redis, @vercel/kv) are official vendor packages or well-known, reputable services.
Audit Metadata