Auth0 Quickstart Test

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Auth0 setup guide, but it exposes broad tenant administration commands and secrets with too few guardrails for an agent-driven quickstart.

Install only if you intentionally want Auth0 and are comfortable letting an agent use the Auth0 CLI. Use a non-production or clearly intended tenant, restrict the Auth0 role, review every command before execution, avoid delete/user/API/log/token commands unless explicitly needed, and never paste client secrets, access tokens, or live logs into chat or source control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The reference materially exceeds the stated quickstart purpose by documenting broad tenant administration, including app, user, API, and log operations. In an agent skill context, this expands the action surface and can normalize use of privileged commands that are unnecessary for simply adding login to an app.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
User lifecycle management is not required for a typical authentication SDK quickstart and introduces unnecessary privileged capabilities such as enumerating, creating, and deleting tenant users. In an agent-driven workflow, exposing these commands increases the risk of privacy-impacting or destructive actions outside the user's intended task.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
API management commands are beyond the narrow task of adding login/authentication to an app and broaden the tenant-level control surface. This can mislead an automation agent into creating, inspecting, or deleting APIs when the user's goal is only application authentication setup.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs users to retrieve application credentials, including a client secret for regular web apps, but does not place a clear warning at the point of use about treating secrets as sensitive, avoiding terminal/log exposure, and never pasting them into source control or chats. In an agent-assisted workflow, that omission increases the chance that secrets are exposed through transcripts, generated code, shell history, or committed files.

Missing User Warnings

Medium
Confidence: 80%
Finding
Documenting destructive delete commands without warnings or confirmation guidance increases the chance of accidental tenant changes or application loss, especially if consumed by an agent or copied verbatim by users. The absence of impact notes or safeguards makes irreversible operations seem routine.

Missing User Warnings

Medium
Confidence: 86%
Finding
Showing user deletion without a warning can lead to accidental removal of user accounts and associated access continuity issues. In a tenant administration context, this also raises privacy and operational risk because the command acts on real identity records.

Missing User Warnings

Medium
Confidence: 90%
Finding
The guide states that app details include client ID and secret, but gives no caution about handling or displaying secrets. In an agent setting, this can encourage credential disclosure into logs, transcripts, screenshots, or other insecure channels.

VirusTotal

67/67 vendors flagged this skill as clean.
