Express Oauth2 Jwt Bearer

Advisory: audited by static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run against the wrong Auth0 tenant or project path, it could create a resource in the wrong account and write matching configuration locally.

Why it was flagged

Automatic setup uses the user's logged-in Auth0 CLI session and can create an Auth0 API plus write configuration into the project.

Skill content

Verify logged in: `auth0 tenants list --csv --no-input` ... Create the Auth0 API (Resource Server) ... Write the `.env` configuration file

Recommendation

Before using automatic setup, confirm the active Auth0 tenant, review the displayed change plan, and use manual setup if you are unsure.

What this means

Running the helper may install third-party npm packages and execute setup code on your machine.

Why it was flagged

The setup flow downloads npm dependencies for the helper script and then executes that local bootstrap code.

Skill content

`cd <skill-dir>/scripts && npm install && node bootstrap.mjs <project-path>`

Recommendation

Review `scripts/package.json` and the bootstrap script first, and run the command only in the intended project environment.

What this means

This may use the local GitHub CLI and network access; it is low impact, but it may fail, or it may use local GitHub authentication if that is configured.

Why it was flagged

The skill tells the agent to run an external GitHub CLI command to determine the latest SDK version.

Skill content

fetch the latest release version by running: `gh api repos/auth0/node-oauth2-jwt-bearer/releases/latest --jq '.tag_name'`

Recommendation

Allow the version check only if you are comfortable with the GitHub CLI call, or verify the package version manually.