ClawHub
Back to skill

Security audit

Auth0 Cli

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Auth0 CLI reference skill with powerful tenant-management commands, so it is acceptable to install only if you intend to let an agent help administer Auth0.

Install only if you want agent assistance administering an Auth0 tenant. Before running update, delete, raw API, action deploy, user import, unblock, or log-stream commands, confirm the active tenant and exact resource. Do not paste real secrets or passwords into chat or shell history, and redact any --reveal-secrets output before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly documents authentication with `--client-secret` and later recommends commands such as `apps show ... --reveal-secrets` without any warning about terminal history, logs, CI output, or accidental disclosure. In a credential-management skill, omission of secret-handling guidance materially increases the chance that users expose Auth0 client secrets or retrieve secrets unnecessarily.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill includes destructive tenant-management commands such as `auth0 apps delete <client-id> --force` with no caution, confirmation guidance, or emphasis on validating the target tenant/application first. Because this CLI operates against real identity infrastructure, a user following examples mechanically could delete production applications and disrupt authentication flows.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents external log streaming destinations and direct Management API operations without warning that logs may contain sensitive tenant/user metadata and that raw API calls can make broad configuration changes. In this context, the combination of outbound data transfer and powerful direct API access increases the risk of accidental disclosure, overbroad changes, or misuse in automation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference explicitly documents `--reveal-secrets` for app listing and display, which can expose client secrets and signing keys directly in terminal output, logs, shell history, screenshots, or downstream automation. In an agent skill context, this is more dangerous because an automated system may surface or persist those values without a human noticing the exposure risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The authentication examples show `--client-secret` on the command line without warning that command-line arguments can be exposed via shell history, process listings, CI logs, and audit tooling. In a CLI reference this is common documentation, but in an agent-operated environment it increases the chance that secrets are handled unsafely by automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The log streaming section encourages exporting tenant logs to external services but does not warn that Auth0 logs may contain sensitive authentication metadata, user identifiers, IPs, and operational security signals. Without privacy and retention guidance, users may unintentionally forward regulated or high-value data to third parties.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Several evals normalize sensitive and destructive tenant-management actions such as deleting apps, creating users with explicit passwords, unblocking accounts, enabling security controls, and authenticating CI/CD with a client secret, but they do not require confirmation prompts, masking, or safety warnings. In a real assistant workflow, this can encourage the skill to produce operationally risky guidance that leads to accidental tenant changes, credential exposure, or unsafe handling of high-impact actions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.