Skip to content
← Registry
Trust Report

better-auth-security-best-practices

Configure rate limiting, manage auth secrets, set up CSRF protection, define trusted origins, secure sessions and cookies, encrypt OAuth tokens, track IP addresses, and implement audit logging for Better Auth. Use when users need to secure their auth setup, prevent brute force attacks, or harden a Better Auth deployment.

89
CONDITIONAL
Format: openclawScanner: v0.8.1Duration: 34msScanned: 10h ago · Jul 6, 10:40 PMSource →
Embed this badge
AgentVerus CONDITIONAL 89AgentVerus CONDITIONAL 89AgentVerus CONDITIONAL 89
[![AgentVerus](https://agentverus.ai/api/v1/skill/df9d0cf5-0086-491c-8c4c-937b5551b98f/badge)](https://agentverus.ai/skill/df9d0cf5-0086-491c-8c4c-937b5551b98f)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

https://agentverus.ai/api/v1/skill/df9d0cf5-0086-491c-8c4c-937b5551b98f/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"df9d0cf5-0086-491c-8c4c-937b5551b98f","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/df9d0cf5-0086-491c-8c4c-937b5551b98f/trust

Category Scores

94
Permissions
100
Injection
52
Dependencies
90
Behavioral
90
Content
100
Code Safety

Findings (7)

lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://*.example.com

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://api.example.com

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumMany external URLs referenced (7)-8

The skill references 7 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://api.example.com, https://app.example.com, https://admin.example.com, https://admin.example.com`, https://*.example.com...

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
mediumFederated auth flow detected-10

Found federated auth flow pattern: "OAuth"

description: Configure rate limiting, manage auth secrets, set up CSRF protection, define trusted origins, secure sessions and cookies, encrypt OAuth tokens, track IP addresses, and implement audit lo

Treat OAuth, 2FA, and token-refresh guidance as authentication-sensitive workflows. Explain scope, storage, and refresh behavior clearly so agents do not handle more credential material than necessary.

behavioralASST-05
mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk. Merged overlapping signals from the repeated finding family: - Unknown external reference

https://api.example.com

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://admin.example.com`

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04