Auth0 Quickstart

Security checks across malware telemetry and agentic risk

Overview

This is a visible Auth0 setup guide, but users should be careful with tenant-changing commands and secrets.

Install this only if you want agent help configuring Auth0. Prefer a non-production tenant while testing, keep client secrets and tokens out of chat, logs, screenshots, and source control, and require explicit confirmation before any Auth0 create, update, or delete command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to retrieve Auth0 application credentials, including client secrets, without an immediate, explicit warning to treat them as sensitive values. In an agent-assisted workflow, surfaced secrets can be copied into chat history, logs, screenshots, or committed into source code, increasing the risk of credential exposure and downstream compromise of the Auth0-integrated application.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document includes an application deletion command with no warning, confirmation guidance, or indication that the action is destructive and potentially irreversible. In a skill intended for quickstart/setup, this increases the chance that users copy a dangerous command without understanding the impact on live tenants or applications.

Missing User Warnings

Medium
Confidence: 92%
Finding
Showing a user deletion command without warning can lead to accidental irreversible account removal, data loss, and disruption of user access. Because this is presented as routine reference material in an onboarding-oriented skill, the missing caution materially increases operational risk.

VirusTotal

64/64 vendors flagged this skill as clean.
