Auth0 Swift

Security checks across malware telemetry and agentic risk

Overview

Review before installing: this skill is for Auth0 setup, but it can change live Auth0 tenant and Xcode settings and includes unsafe examples that log access tokens.

Install only if you are comfortable with the agent modifying both your local Xcode project and live Auth0 tenant configuration. Confirm the active tenant and target application, review callback/logout URL changes before applying them, preserve any existing allowed URLs you still need, and do not copy examples that print access tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (12)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The documentation includes a direct username/password authentication example even though the skill is framed around Web Auth, CredentialsManager, and biometric protection. This can steer integrators toward embedded credential handling, which increases phishing risk, password exposure risk, and bypasses the safer browser-based Universal Login flow that Auth0 generally recommends for native apps.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill directs the agent to create `Auth0.plist` with tenant identifiers directly in the project without requiring explicit user confirmation or warning that sensitive configuration files will be written. While `ClientId` and `Domain` are not secrets by themselves, silently writing auth configuration into source trees can expose tenant metadata, lead to accidental commits, and normalize unsafe handling of auth-related files.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to run `auth0 apps update` and related CLI commands that modify remote Auth0 application settings, including callback and logout URLs, without an explicit warning or confirmation that tenant configuration will be changed. Remote identity configuration changes are security-sensitive because a mistaken or malicious update can alter redirect targets, break authentication, or expand allowed callback surfaces in a way that enables abuse.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill tells the agent to add entitlements and URL scheme settings, which are security-sensitive project configuration changes, without a clear warning or explicit consent flow. Incorrect entitlement or URL scheme registration can weaken app trust boundaries, enable callback hijacking in the custom-scheme path, or unintentionally broaden app capabilities.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The example prints the access token directly to logs, which can expose bearer credentials to developers, crash logs, device logs, analytics collectors, or support tooling. Because access tokens are often sufficient to call protected APIs, plaintext logging materially increases the chance of credential compromise.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The token renewal example logs the renewed access token, again disclosing a live bearer credential in plaintext. Renewal flows are especially sensitive because they may happen silently in background app flows, creating repeated secret exposure in logs over time.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The authentication success example prints the access token after login, exposing sensitive credential material in logs. In a documentation sample, this is particularly risky because readers frequently copy code verbatim into production or test builds.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to write `Auth0.plist` directly into the user's project when credentials are present, without requiring prior user confirmation or a clear warning that files will be modified. In an agentic context, silent project-file modification is risky because it can change source trees and build inputs unexpectedly, reducing user oversight and enabling unintended persistence of configuration data.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: These instructions tell the agent to install software with Homebrew, run `npm install`, and execute a bootstrap script that creates Auth0 resources and writes project files, all without an upfront warning about system and account changes. This is dangerous because it combines local environment modification, third-party package execution, and remote account mutation in one automated flow, which materially increases the blast radius if the script is wrong or compromised.

Ssd 3

Medium

Confidence: 99% confidence
Finding: This is the same underlying issue as the logging finding: the example emits a plaintext access token. Sensitive credential disclosure through logs can enable unauthorized API access by anyone with access to device logs, CI logs, or observability systems.

Ssd 3

Medium

Confidence: 99% confidence
Finding: The renewed token is sensitive credential material and logging it creates an avoidable disclosure channel. Because renewed tokens may remain valid for meaningful periods, exposure can directly lead to session hijacking against downstream APIs.

Ssd 3

Medium

Confidence: 99% confidence
Finding: The sample prints an access token on successful authentication, which is a direct secret disclosure. Documentation-level insecure examples are dangerous because they normalize insecure handling and propagate to consuming applications.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal