Auth0 Express

Security checks across malware telemetry and agentic risk

Overview

This Auth0 Express skill is mostly purpose-aligned, but it needs review because some examples expose tokens/profile data and one setup path runs a downloaded installer without a real verification step.

Install only if you intend to let an agent configure Auth0 for an Express app. Prefer installing the Auth0 CLI through a trusted package manager or verify the downloaded installer before running it. Confirm any env-file writes, keep env files out of version control, and do not copy examples that return raw ID tokens, access tokens, refresh tokens, or full profile objects into production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The example encourages forwarding a user's access token to a generic external endpoint (`https://your-api.com/data`) without emphasizing that the token must only be sent to the token's intended resource server. If copied loosely, developers may transmit bearer tokens to arbitrary services, enabling token misuse, unintended delegation, or exposure of user-authorized access to third parties.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The setup text tells the operator to review the downloaded installer before executing it, but the script immediately runs that same file non-interactively. This creates a supply-chain risk: a remote script fetched over the network is executed with local privileges without any actual review, integrity verification, or user pause.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example `/profile` route renders `req.oidc.user` in full via `JSON.stringify`, which can expose all claims returned by the identity provider, including potentially sensitive profile attributes. In a real application, copying this example into production could leak unnecessary personal data to end users, shared screens, logs, or downstream HTML contexts without any minimization guidance.

Missing User Warnings

Medium
Confidence: 90%
Finding
The `/user-info` example returns the full user object and `idToken` in a JSON response, which can expose sensitive identity data and token material to browsers, logs, client-side scripts, and downstream intermediaries. ID tokens are not generally meant to be re-exposed by application endpoints, and doing so increases the blast radius of XSS, logging, and accidental disclosure issues.

Missing User Warnings

Medium
Confidence: 88%
Finding
The external API example demonstrates sending an access token in a bearer header to an external service without a warning about trust boundaries or user-data transmission. This normalizes a dangerous pattern where developers may leak tokens to third parties or to services not intended by the token audience, potentially granting unauthorized access if the token is accepted elsewhere.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example returns the full user object plus idToken and accessToken in a JSON response, which encourages exposing sensitive authentication artifacts to the browser or any caller of the endpoint. This increases the risk of token leakage through client-side code, logs, browser tooling, extensions, or secondary compromise such as XSS.

Missing User Warnings

Medium
Confidence: 91%
Finding
The refresh token example normalizes accessing and using a long-lived credential without warning about its sensitivity or storage requirements. Refresh tokens can enable prolonged unauthorized access if leaked, so documentation that omits safeguards may lead developers to handle them insecurely.

VirusTotal

64/64 vendors flagged this skill as clean.
