ClawHub

Oidc Integration

v0.1.0

Plan and implement OIDC and OAuth 2.0 integration for React or TypeScript frontends and Java or Spring Boot backends. Use whenever the user mentions OIDC, Op...

0· 98·0 current·0 all-time
byJeff Tian@jeff-tian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the content of SKILL.md and the three reference files: it focuses on OIDC/OAuth2 integration for React/TypeScript frontends and Spring Boot backends. It does not request unrelated binaries, credentials, or system access.
Instruction Scope
Runtime instructions are limited to design and implementation guidance, checklists, and small code examples. They do not instruct the agent to read arbitrary files, access unspecified environment variables, or transmit data to external endpoints beyond recommending standard OIDC discovery (/.well-known/openid-configuration) and provider endpoints appropriate to the task.
Install Mechanism
There is no install spec and no code files that would be written or executed. The skill is instruction-only, which minimizes installation risk.
Credentials
The skill does not require environment variables or credentials. Example snippets reference typical app env vars (e.g., VITE_OIDC_CLIENT_ID) but the skill itself does not request secrets or unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system presence or modifications to other skills or agent configuration.
Assessment
This skill appears coherent and safe as an instruction-only guide. Before using generated code in production: 1) ensure any client secrets remain on the backend (never embedded in SPA code), 2) review OAuth scopes, cookie flags (Secure, HttpOnly, SameSite), and CORS settings the skill suggests, 3) verify that examples referencing environment variables are wired to your secure config management (not pasted into public prompts), and 4) review and vet any scaffolded code or dependencies (update to current library versions) before running. If you want extra assurance, ask the skill to list the exact environment variables and recommend where each should be stored (backend secret store vs. public build-time vars).

Like a lobster shell, security has layers — review code before you run it.

latestvk9766e5nndatvme093dwmy5ay583dz06

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments