ClawHub

Auth0 Migration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Auth0 migration guide, but it handles sensitive account export files and credentials that users must protect carefully.

Install only if you are intentionally migrating users to Auth0. Treat user exports, password hashes, salts, database URLs, Auth0 Management API tokens, and client secrets as highly sensitive: restrict access, avoid committing or pasting them into logs or chats, use least-privilege temporary credentials where possible, encrypt files in storage and transit, and securely delete temporary migration artifacts after verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to export and import account records, including email addresses and password hashes, but does not explicitly warn that these artifacts are highly sensitive and must be handled as secrets. In a migration context, operators may create JSON exports, upload them via CLI, or store them locally without encryption, access controls, retention limits, or secure deletion, increasing the risk of credential exposure and privacy incidents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to export, store, and transmit highly sensitive authentication data, including password hashes, salts, metadata, and management API tokens, but it provides no explicit warnings about secure handling, least-privilege access, encryption at rest, redaction, retention limits, or safe disposal. In a migration skill, this omission is meaningful because operators may copy these commands directly and create plaintext exports, shell history leakage, overly broad database dumps, or insecure token handling during a high-risk data movement process.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal