clerk-auth
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and code examples for integrating the Clerk authentication service. The logic follows security best practices, such as recommending auth checks in both middleware and individual route handlers to prevent bypasses.- [CREDENTIALS_UNSAFE]: The code examples in
SKILL.mdcontain placeholder environment variables (pk_test_...andsk_test_...). These are standard illustrative values for Clerk API keys and do not expose sensitive production credentials.- [DATA_EXFILTRATION]: No unauthorized network requests or file system access patterns were detected. All network communication described is part of the intended Clerk authentication flow.- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code downloads or dynamic execution of untrusted scripts.- [PROMPT_INJECTION]: The skill contains instructions for processing external webhook data from Clerk, which represents an indirect prompt injection surface. - Ingestion points: The webhook handler in
app/api/webhooks/clerk/route.tsconsumes JSON payloads from incoming POST requests. - Boundary markers: The implementation explicitly requires and demonstrates signature verification using the
svixlibrary to validate the request source. - Capability inventory: The skill uses Prisma to perform database writes (
user.create,user.update,user.delete) based on validated webhook events. - Sanitization: Employs cryptographic verification of the
svix-signatureheader before any data processing occurs.
Audit Metadata