Expert implementation of Clerk auth in Next.js 15/16+, enforcing route group protection, correct proxy.ts patterns, no auth() on public pages, and avoiding c...
Security Analysis
medium confidenceThe provided artifacts are a coherent instruction-only Clerk/Next.js guide; its auth, billing, and webhook patterns are disclosed and purpose-aligned, though they involve real provider secrets and user data.
The skill's purpose matches the artifacts: Clerk auth patterns for Next.js, with optional Convex, Stripe, organizations, webhooks, and debugging guidance. These integrations can affect user identity and billing data, but they are aligned with the stated purpose.
No artifact-backed prompt injection, goal override, hidden endpoint, or autonomous unsafe behavior was shown. The instructions are coding guidance and examples.
There is no skill install spec and no code files. Package/CLI commands in the references are user-directed project setup examples, not automatic skill execution.
Registry metadata says required env vars are none, while SKILL.md lists Clerk secrets and optional Stripe/webhook secrets. This appears purpose-aligned, but users should notice the credential requirements.
Reference examples persist Clerk identity fields to application databases and process user lifecycle webhooks. This is expected for auth integrations, but should be scoped and audited.
Guidance
This skill appears safe as an instruction-only Clerk/Next.js guide. Before using it, confirm you are comfortable giving your agent auth-integration guidance involving Clerk secrets, optional Stripe credentials, and webhook/database user sync patterns. Keep secrets in environment variables, validate billing inputs server-side, and test webhook behavior carefully in a non-production environment first.
Latest Release
v1.0.1
Security improvements: declared required env vars in metadata, added security best practices section, warned about debug mode token leakage, added key rotation procedure
More by @michaelmonetized
Published by @michaelmonetized on ClawHub
