oauth
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Administrative Command Execution: The skill includes instructions for running commands with elevated privileges, such as
sudo portless proxy startandsudo portless trust. These operations are used to bind the local proxy to port 443 and manage the system's certificate trust store, which are standard requirements for providing local HTTPS support during development. - Environment Variable Configuration: The guide recommends setting environment variables like
NEXTAUTH_URLand referencing credentials such asGOOGLE_CLIENT_SECRET. This is a routine part of OAuth integration, and the skill correctly advises using these variables to ensure consistency between the local development environment and the OAuth provider's requirements. - Subdomain and TLD Usage: The skill encourages using real Top-Level Domains (TLDs) like
.devor.appwith a local proxy to bypass limitations placed on.localhostsubdomains by certain OAuth providers. This is a common and safe technique for testing authentication flows locally.
Audit Metadata