Sr Next Clerk Expert
Security checks across malware telemetry and agentic risk
Overview
This is a markdown-only Next.js and Clerk authentication guide whose sensitive auth, webhook, Convex, and Stripe examples are disclosed and aligned with its purpose.
Reasonable to install as an auth implementation guide. Treat it as guidance, not a turnkey security boundary: do not paste real Clerk or Stripe secrets into chat, keep production keys in platform environment variables, validate Stripe price IDs server-side, use test keys during development, and review webhook delete or soft-delete behavior before applying it to production user data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.