Auth0 Springboot Api

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: auth0-springboot-api
Version: 1.0.1

The skill bundle provides legitimate instructions and documentation for integrating Auth0 authentication into a Spring Boot API. It includes agent-specific instructions to fetch the latest SDK version via the GitHub CLI and automate resource creation using the Auth0 CLI, which are consistent with the stated purpose. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found across the files (SKILL.md, setup.md, api.md, integration.md).

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user chooses automation, the agent can make a real change to the logged-in Auth0 account and write configuration into the project.

Why it was flagged

The automated setup uses the existing Auth0 CLI login and creates an API resource in the user's Auth0 tenant.

Skill content

Verify logged in: `auth0 tenants list --csv --no-input` ... `auth0 apis create --name "My Spring Boot API" --identifier https://my-springboot-api --json`

Recommendation

Confirm the Auth0 CLI is logged into the intended tenant before using automated setup, or choose the manual path.

What this means

Pasting real client secrets into shell commands can leave them in shell history, logs, or shared transcripts.

Why it was flagged

The optional test-token curl example uses a client secret placeholder; this is expected for a client-credentials token request but would be sensitive if filled with a real value.

Skill content

`"client_secret": "YOUR_CLIENT_SECRET"`

Recommendation

Use placeholders in committed files, avoid sharing real secrets with the agent unless necessary, and prefer secure secret handling for production credentials.

What this means

Build output can change over time depending on the latest upstream release and the local GitHub CLI behavior.

Why it was flagged

The skill asks the agent to query GitHub at use time and substitute the latest release version rather than relying on a pinned version in the artifact.

Skill content

fetch the latest release version by running: `gh api repos/auth0/auth0-auth-java/releases/latest --jq '.tag_name'` ... Use the returned version

Recommendation

Review the selected dependency version and pin it in your build file if reproducibility matters.

What this means

Running the application may execute project code, start a local server, or trigger project-specific side effects.

Why it was flagged

The skill instructs the agent to run local project commands that can compile and start the application.

Skill content

After writing all code, verify the build succeeds: `./gradlew bootRun` or `./mvnw spring-boot:run`

Recommendation

Run these commands only in a development checkout and review/approve them before execution.