Auth0 Fastify

Pass

Audited by ClawScan on May 6, 2026.

Overview

This is a coherent Auth0/Fastify setup guide; the main things to watch are normal dependency installation and safe handling of Auth0/session secrets.

This skill appears safe and purpose-aligned for adding Auth0 authentication to Fastify. Before using it, be prepared to protect the Auth0 client secret and session secret, avoid committing .env files, and review or pin the npm dependencies you install.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these secrets are exposed or committed to source control, someone could abuse the application’s Auth0 integration or session security.

Why it was flagged

The skill instructs the user to configure sensitive Auth0 application and session secrets. This is expected for Auth0 server-side web authentication, but those secrets must be protected.

Skill content

AUTH0_CLIENT_SECRET=your-client-secret
SESSION_SECRET=<openssl-rand-hex-64>

Recommendation

Keep secrets out of git, use a production secret manager, restrict Auth0 application settings/scopes, and rotate any secret that may have been exposed.

What this means

Installing unexpected or compromised package versions could affect the security of the Fastify application.

Why it was flagged

The guide asks the user to install npm dependencies without pinning versions. This is purpose-aligned for adding the Auth0 Fastify SDK, but it relies on the normal npm package supply chain.

Skill content

npm install @auth0/auth0-fastify fastify @fastify/view ejs dotenv

Recommendation

Install from the trusted npm registry, use a lockfile or pinned versions where practical, and review dependency provenance/security advisories.