Security scan
OpenClaw
Safe
high confidence
The skill's requirements and instructions are consistent with its stated purpose (an Auth0 quickstart that uses the Auth0 CLI); nothing requested or installed is disproportionate to that goal.
Assessment recommendations
This skill appears to be what it says: a CLI-driven Auth0 quickstart. Before installing or running commands: (1) prefer the Homebrew install over piping a GitHub raw script to sh; (2) review any auth0 CLI commands the skill runs — creating apps or running 'auth0 apps show' will surface client IDs/secrets and 'auth0 logs tail' can show tenant logs; treat those secrets carefully and don't commit them to source control; (3) the skill will inspect local files (package.json, config files) to detect y...
Detailed analysis
✓ Purpose and capabilities
The skill is an Auth0 quickstart and explicitly requires the Auth0 CLI (binary 'auth0') and provides CLI-centric instructions to detect framework and create Auth0 apps. The Homepage and install spec (Homebrew formula for auth0) align with the stated purpose.
ℹ Instruction scope
Runtime instructions read local project files (package.json, project config files) to detect the framework and then call the Auth0 CLI (login, apps create, apps show, logs tail, etc.). Reading package.json and config files is reasonable for framework detection, but the skill will prompt the user to perform operations that can enumerate and modify Auth0 tenant resources (create apps, list apps, show credentials).
ℹ Install mechanism
Primary install method is a Homebrew formula (auth0/auth0-cli/auth0), which is standard and expected. The included reference docs also show an alternate curl | sh installer (raw.githubusercontent.com) — this pattern is common for CLIs but is higher risk than a curated package manager; the skill itself declares Homebrew as the install mechanism.
✓ Credential requirements
The skill does not require any environment variables or secret credentials to run. The documentation describes the normal Auth0 environment variables (AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_SECRET, etc.) that developers must set for their apps, which is appropriate and expected for an Auth0 integration.
✓ Persistence and privileges
always is false and model invocation is allowed (default). The skill does not request persistent system-wide privileges or access to other skills' configs.
Security is layered; review the code before running it.
Runtime dependencies
🖥️ OS: macOS · Linux
Versions
latest · v1.0.0 · 2026/4/15
- Initial release of the auth0-mfa-test skill.
- Introduces a quickstart guide for adding Auth0 authentication to a wide range of frameworks (React, Next.js, Vue, Nuxt, Angular, Express, Fastify, React Native, and more).
- Guides users through framework detection, Auth0 account setup, CLI installation, and application creation.
- Links to framework-specific skills for streamlined integration.
- Provides troubleshooting tips, migration guidance, and references to official Auth0 documentation.
- Lists related skills for advanced features and further integrations.
● Benign
Install command
Official: npx clawhub@latest install auth0-quickstart-test
Mirror (accelerated): npx clawhub@latest install auth0-quickstart-test --registry https://cn.longxiaskill.com