clerk-environments-deployment
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical guide for implementing Clerk authentication securely, following industry-standard practices.
- [SAFE]: It emphasizes critical security measures such as environment isolation (using separate keys for development and production), secure secret management (warning against committing
.envfiles), and ensuring sensitive data like tokens and webhook signatures are redacted from logs. - [SAFE]: It provides detailed guidance on configuring Content Security Policy (CSP), Cross-Origin Resource Sharing (CORS), and webhook signature verification to prevent common web-based attacks.
- [SAFE]: The mention of keys (e.g.,
pk_test_...,sk_live_...) is limited to explaining naming conventions and prefixes; no actual hardcoded credentials or secrets are present. - [SAFE]: All external references involve well-known, trusted authentication providers and infrastructure services, focusing on legitimate configuration steps rather than suspicious downloads or remote execution.
Audit Metadata