hyperstack-mcp-connector

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The implementation in references/mcp.ts fetches OpenID Connect (OIDC) configuration and user identity details from Clerk's official discovery and userinfo endpoints. This is a standard and safe operation for verifying authentication tokens with a well-known service.
  • [COMMAND_EXECUTION]: The setup instructions in references/setup-and-gotchas.md recommend standard CLI commands for managing the development environment, such as npm install for dependency management and npx convex deploy for platform deployment.
  • [DATA_EXFILTRATION]: The resolveClerkIdentity function in references/mcp.ts sends the user's OAuth access token to the Clerk authentication server. This is the intended behavior for identity resolution and is restricted to the specific, user-configured authentication provider.
  • [SAFE]: The skill enforces several security best practices, including mandatory authentication (requireAuth: true), CORS header protection for session security, and the use of Convex internal functions for database operations to ensure that tools can only be invoked through the secure gateway and not directly by external clients.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 03:45 AM