Skills
skills/clerk/cli/clerk-cli/Gen Agent Trust Hub

clerk-cli

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official Clerk CLI via standard package managers.
  • Evidence: SKILL.md mentions npx -y clerk@{{CLI_VERSION}}, bunx clerk@{{CLI_VERSION}}, pnpm dlx clerk@{{CLI_VERSION}}, and yarn dlx clerk@{{CLI_VERSION}}.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the clerk binary.
  • Evidence: SKILL.md contains numerous examples of clerk commands like clerk api, clerk users list, and clerk config pull.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive API keys but follows industry standards for management.
  • Evidence: SKILL.md and references/auth.md recommend using CLERK_SECRET_KEY and CLERK_PLATFORM_API_KEY environment variables or the system keychain instead of hardcoding values.
  • [DATA_EXFILTRATION]: The skill performs network operations to Clerk's official Backend and Platform APIs.
  • Evidence: references/auth.md describes the use of https://api.clerk.dev/v1/ and https://api.clerk.com/v1/ for operations.
  • [SAFE]: The skill provides robust safety mechanisms for agent-based execution and handles data ingestion surfaces safely.
  • Evidence: SKILL.md and references/agent-mode.md document the use of --dry-run to preview mutations, the requirement of --yes for destructive calls in agent mode, and recommendations to save large API responses to local files for inspection with jq to avoid context flooding.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 12:18 PM
Security Audit — agent-trust-hub — clerk-cli