clerk-setup
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches setup documentation and configuration guides from clerk.com. These references target a well-known authentication service and are used exclusively to retrieve official instructions.
- [COMMAND_EXECUTION]: The skill instructs the agent to install standard authentication SDKs (e.g., @clerk/nextjs) and configure project files. These actions are restricted to the local environment and align with the primary purpose of setting up authentication.
- [DATA_EXFILTRATION]: No unauthorized data transfer was identified. The skill reads the local package.json file to detect the framework version, which is a standard procedure for configuration tasks.
- [PROMPT_INJECTION]: The skill contains no instructions designed to bypass safety filters or override agent behavior. The prompt used to process documentation is focused on extracting setup steps and code snippets.
- [CREDENTIALS_UNSAFE]: While the skill mentions environment variables like CLERK_SECRET_KEY, it provides documentation on how the user should retrieve and store them securely. No actual secrets or API keys are hardcoded in the skill files.
Audit Metadata