Back to skill

Security audit

Auth0 Spa Js

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Auth0 SPA setup helper, but users should treat the automated tenant setup and installer commands carefully.

Install only if you are comfortable letting the skill help configure Auth0 and update project environment files. Prefer Homebrew, Scoop, or a verified Auth0 CLI release instead of curl | sh, review any proposed Auth0 tenant changes before approving them, and do not let the agent read existing .env contents unless you explicitly intend to share them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document explicitly requires asking the user for confirmation before any write to .env, but the PowerShell automation writes to .env unconditionally with Out-File -Append. In an agent context, this can cause unauthorized modification of an existing environment file that may contain unrelated secrets or sensitive configuration, violating the documented safety boundary.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The file exposes a generic wrapper around `auth0 api`, enabling arbitrary Auth0 Management API calls rather than only SPA SDK integration. That materially expands the skill's capability beyond its declared purpose, which is dangerous because an agent invoking this helper could modify tenant configuration, users, clients, or secrets if the local CLI is authenticated with privileged credentials.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code launches an external `auth0` CLI subprocess with attacker-influenced `method`, `endpoint`, and optional data, creating a powerful side-effecting execution path not justified by a client-side SPA integration skill. Even though execa's template usage reduces shell-injection risk, the core issue is capability escalation: the skill can perform privileged administrative operations through ambient CLI authentication on the host.

Credential Access

High
Category
Privilege Escalation
Content
@"
${prefix}_DOMAIN=$($appDetails.domain)
${prefix}_CLIENT_ID=$($appDetails.client_id)
"@ | Out-File -FilePath .env -Encoding UTF8 -Append

Write-Host "✅ Auth0 configuration complete!"
Write-Host "  ${prefix}_DOMAIN=$($appDetails.domain)"
Confidence
94% confidence
Finding
.env

External Script Fetching

Low
Category
Supply Chain
Content
if [[ "$OSTYPE" == "darwin"* ]]; then
    brew install auth0/auth0-cli/auth0
  elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
    curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh -s -- -b /usr/local/bin
  else
    echo "Please install Auth0 CLI: https://github.com/auth0/auth0-cli#installation"
    exit 1
Confidence
96% confidence
Finding
curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh

External Script Fetching

Low
Category
Supply Chain
Content
**Linux:**
```bash
curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh
```

**Windows:**
Confidence
96% confidence
Finding
curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
**Linux:**
```bash
curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh
```

**Windows:**
Confidence
97% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.