Clerk Auth

Security checks across malware telemetry and agentic risk

Overview

This Clerk authentication skill is coherent, but it can expose Clerk secrets/session tokens and run privileged auth-testing actions without enough scoping or redaction.

Review before installing. Use it only in projects where the agent may inspect and edit auth configuration, and do not let it run raw env greps or token-generation scripts against production Clerk keys. Prefer masked environment checks, keep CLERK_SECRET_KEY and CLERK_TESTING_TOKEN in a secret manager, confirm before uploading secrets to Cloudflare, and treat any printed session token as compromised.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
This utility does more than simple token generation: it can create users and automatically select an existing user from the Clerk instance, which expands its capability into account provisioning and user enumeration. In a testing helper this may be intentional, but if run against a non-test Clerk environment it can create unauthorized sessions for arbitrary users and blur the boundary between test tooling and privileged admin automation.

Vague Triggers

Medium (93% confidence)
Finding
The standalone trigger keyword "clerk" is overly broad for an auto-activation mechanism and can cause the skill to fire in many unrelated conversations mentioning the vendor, package ecosystem, or incidental auth discussions. In this context, unintended activation can inject security-sensitive guidance, testing shortcuts, and auth-specific instructions where they were not requested, increasing the chance of misapplication or prompt-surface expansion.

Missing User Warnings

Medium (88% confidence)
Finding
The README promotes fixed test OTP credentials and bot-detection bypass techniques without a prominent restriction that they must only be used in authorized non-production test environments. Because this is an authentication skill, that omission materially increases the risk that operators apply these instructions against real systems, normalizing bypass behavior and weakening safe-use boundaries.

Missing User Warnings

Medium (91% confidence)
Finding
The skill instructs writing a secret key directly into `.env.local` using a shell heredoc, but does not explicitly warn the operator that this material is sensitive and must not be logged, committed, or echoed back into chat/output. In an agentic environment with Write/Bash tools, this increases the chance of accidental secret exposure through terminal history, diffs, follow-on reads, or repository commits.

Missing User Warnings

Medium (93% confidence)
Finding
The command pipes a secret into `wrangler secret put`, which sends credentials to Cloudflare, but the skill does not clearly disclose that this transmits sensitive material to an external service. In a tool-using agent context, lack of consent and visibility around external secret transmission can cause unapproved disclosure of production credentials.

Missing User Warnings

Medium (90% confidence)
Finding
The troubleshooting step uses `grep` to print Clerk-related environment variables, which may reveal secret keys in terminal output, logs, screenshots, or agent responses. Because these variables include authentication secrets, displaying them unnecessarily increases the risk of credential leakage and downstream account compromise.

Missing User Warnings

Medium (97% confidence)
Finding
The guide instructs users to place `CLERK_SECRET_KEY` in environment configuration without clearly warning that it must remain server-side only and never be exposed to client bundles, logs, or source control. In a React/Next.js setup guide, this omission is dangerous because developers may incorrectly surface the secret in frontend code or commit `.env.local`, enabling full compromise of authentication-related backend operations.

Missing User Warnings

Low (83% confidence)
Finding
The guide instructs users to manually export a live testing credential (`CLERK_TESTING_TOKEN`) but does not place an adjacent warning that it is a sensitive token which should not be logged, committed, or persisted. Even though this is a test-oriented credential, exposure could let others bypass bot-detection protections for the associated Clerk instance during automated auth flows.

Missing User Warnings

Medium (96% confidence)
Finding
The script prints a live bearer session token directly to stdout, where it can be captured by shell history, CI logs, terminal recording tools, scrollback buffers, or shared consoles. Because the token authenticates as a real session, anyone who obtains it during its validity window can replay it against protected endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.
