Auth0 Flask

Security checks across malware telemetry and agentic risk

Overview

This Auth0 Flask helper is mostly coherent, but it needs review because it includes unsafe admin-role guidance and optional test tooling that can expose secrets if run carelessly.

Install only after reviewing the examples. Do not copy the `user_role = "admin"` pattern into an app; derive roles from verified claims or a server-side authorization store. Avoid running the eval harness on projects with real `.env` files or secrets, replace example secrets with placeholders, and prefer a pinned/package-manager Auth0 CLI install over `curl | sh`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The example assigns a fixed admin role into session data immediately after login, which can mislead integrators into treating authentication as authorization. This creates a dangerous pattern where any authenticated user may effectively receive administrator privileges if downstream code trusts that session value.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The eval runner invokes the Claude CLI with broad capabilities including Bash, Read, Write, Edit, Glob, Grep, and WebFetch, which gives the agent network access and the ability to modify arbitrary project files during evaluation. For a skill whose stated purpose is Flask/Auth0 integration, this materially expands the attack surface and could expose local data or permit unintended code changes if prompts, skill text, or workspace contents are adversarial.

Missing User Warnings

Severity: Low
Confidence: 95%
Finding
The session example modifies user session state by storing a custom role value without explaining the security implications. In context, the specific value shown is 'admin', which encourages unsafe authorization-by-session patterns and can lead developers to rely on mutable session state for privilege decisions.

Natural-Language Policy Violations

Severity: High
Confidence: 98%
Finding
The eval prompt embeds what appears to be a real Auth0 client secret directly in repository test data, without any indication that it is synthetic or intentionally non-sensitive. Even if included for evaluation convenience, hard-coded secrets in source-controlled files can be harvested, reused in generated outputs, and leaked through logs, model training pipelines, or downstream artifacts.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The prompt file embeds a full Auth0 client secret directly in test content, exposing a sensitive credential to anyone with repository or artifact access. In the context of an authentication integration skill, this is especially dangerous because agents may copy the value into application code, logs, commits, or external requests, turning a documentation leak into real credential compromise.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The judge path builds a prompt from workspace file contents and sends it to an external Claude CLI process without a clear user-facing disclosure at the transmission point. Because the collected sources may include proprietary code, secrets, or configuration data, this can cause unintended exfiltration of sensitive material to an external model provider.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The runner executes Claude against a copied project workspace, granting it access to read the project and potentially transmit relevant content during processing, but the code does not provide explicit user-facing disclosure about that data flow when invoking the CLI. In environments containing application code, configs, or secrets, this creates a meaningful confidentiality risk.

External Script Fetching

Severity: Low
Category: Supply Chain
Content:
# Install Auth0 CLI
if ! command -v auth0 &> /dev/null; then
  [[ "$OSTYPE" == "darwin"* ]] && brew install auth0/auth0-cli/auth0 || \
  curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh -s -- -b /usr/local/bin
fi

# Login
Confidence: 99%
Finding
curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh

VirusTotal

64/64 vendors flagged this skill as clean.
