Auth0 Expo

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run against the wrong tenant or project, it can create Auth0 applications/connections or change callback/logout settings in the wrong place.

Why it was flagged

The automatic setup uses the user's Auth0 CLI session to create or update resources in an Auth0 tenant and edit the local project. This is purpose-aligned but grants meaningful account authority.

Skill content

The script validates the Expo project, creates a Native Auth0 application, sets up a database connection, and writes the plugin config to app.json.

Recommendation

Use automatic setup only after verifying the active Auth0 tenant, reviewing the change plan, and confirming the project path. Choose manual setup if you do not want the agent/script to mutate the tenant.

What this means

Approving the prompt can modify both your Auth0 account configuration and your Expo app configuration.

Why it was flagged

The helper chains tenant changes and local file writes after a confirmation prompt. The prompt is a good control, but the operations are still high-impact setup actions.

Skill content

const confirmed = await confirmWithUser("Apply these changes?") ... const client = await applyNativeClientChanges(plan.client) ... await writeAppJsonConfig(domain, config.customScheme, config.appJsonPath)

Recommendation

Read the displayed change plan before approving, keep a backup or git diff of app.json, and abort if the tenant, callback URLs, or app name are not expected.

What this means

The helper script may install newer compatible dependency versions than those originally tested.

Why it was flagged

The setup instructions run npm install for helper dependencies specified with version ranges, and the provided manifest does not include a lockfile, so exact installed package versions may vary.

Skill content

"dependencies": { "@inquirer/prompts": "^8.1.0", "execa": "^9.0.0", "ora": "^8.0.0" }

Recommendation

Run the setup in a trusted environment, consider adding or reviewing a lockfile, and inspect dependency changes if supply-chain reproducibility matters.

What this means

Access tokens could appear in device, development, or production logs if these examples are copied directly.

Why it was flagged

Reference examples print access tokens. This appears illustrative rather than exfiltrative, but copying it into real app code could expose tokens in logs.

Skill content

console.log('Access Token:', credentials.accessToken); ... console.log('API Token:', apiCredentials.accessToken);

Recommendation

Remove token logging from generated app code and follow the skill's security guidance to avoid logging tokens in production.

Findings (1)

critical

suspicious.exposed_secret_literal

Location

references/integration.md:288

Finding

File appears to expose a hardcoded API secret or token.