Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

morgs32/clerk-hono

Name: clerk-hono
Author: morgs32

skills/clerk-hono/SKILL.md

npx skillsauth add morgs32/skills clerk-hono

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Source: honojs/middleware - packages/clerk-auth

Setup

Install: pnpm add @hono/clerk-auth (or npm). No custom auth middleware - use the package directly.
Env: CLERK_SECRET_KEY, CLERK_PUBLISHABLE_KEY (e.g. in wrangler or .dev.vars).

Usage

Apply middleware to the routes that need auth, then use getAuth(c) in handlers:

import { clerkMiddleware, getAuth } from '@hono/clerk-auth';
import { Hono } from 'hono';

const app = new Hono();
app.use('/push/*', clerkMiddleware());
app.use('/orgs/*', clerkMiddleware());
app.route('/', sessionRouter);

In route handlers:

app.get('/', (c) => {
  const { userId, orgId } = getAuth(c);
  if (!userId) {
    return c.json({ message: 'You are not logged in.' }, 401);
  }
  if (!orgId) {
    return c.json({ message: 'No active organization selected.' }, 400);
  }
  return c.json({ userId, orgId });
});

Backend API: const clerkClient = c.get('clerk') then e.g. clerkClient.users.getUser(...).

API keys

Use when the route is a resource server or machine-to-machine and should accept Clerk-issued API keys instead of (or in addition to) session tokens.

Using API keys in requests

Once you have an API key, use it to authenticate requests to your application's API. Send the API key as a Bearer token in the Authorization header:

await fetch('https://your-api.com/users', {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    Authorization: `Bearer ${apiKey}`,
  },
});

On your backend, verify the API key using Clerk's SDK (e.g. @hono/clerk-auth with getAuth(c, { acceptsToken: 'api_key' })). See the verifying API keys guide for framework-specific examples.

Verifying API keys on the backend

By default getAuth(c) only accepts session tokens; API keys are rejected unless you pass acceptsToken.

Single token type (API keys only):

const { userId } = getAuth(c, { acceptsToken: 'api_key' });
if (!userId) {
  return c.json({ error: 'Unauthorized' }, 401);
}

Multiple token types (sessions + API keys):

const { userId, tokenType, scopes } = getAuth(c, {
  acceptsToken: ['session_token', 'oauth_token', 'api_key'],
});
if (!userId) {
  return c.json({ error: 'Unauthorized' }, 401);
}
// Optional: enforce scopes for api_key
if (tokenType === 'api_key' && !scopes?.includes('write:users')) {
  return c.json({ error: 'API key missing required scope' }, 403);
}

Clerk API keys are in beta; behavior may change. Full details: Verify API keys (Clerk).

Do not add a custom clerkAuthMiddleware or re-export from a local auth.ts; import clerkMiddleware and getAuth from @hono/clerk-auth in app and routers.

morgs32/clerk-hono

skills/clerk-hono/SKILL.md

Use Clerk auth in Hono apps via @hono/clerk-auth. Use when adding or changing Clerk authentication, protecting routes, or reading userId/orgId in Hono.

tools

Updated May 30, 2026

$ install --global

skillsauth

npx skillsauth add morgs32/skills clerk-hono

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 30, 2026, 7:03 AM213.4s1 file scanned

SKILL.md

name:: clerk-hono
description:: Use Clerk auth in Hono apps via @hono/clerk-auth. Use when adding or changing Clerk authentication, protecting routes, or reading userId/orgId in Hono.

Source: honojs/middleware - packages/clerk-auth

Setup

Install: pnpm add @hono/clerk-auth (or npm). No custom auth middleware - use the package directly.
Env: CLERK_SECRET_KEY, CLERK_PUBLISHABLE_KEY (e.g. in wrangler or .dev.vars).

Usage

Apply middleware to the routes that need auth, then use getAuth(c) in handlers:

import { clerkMiddleware, getAuth } from '@hono/clerk-auth';
import { Hono } from 'hono';

const app = new Hono();
app.use('/push/*', clerkMiddleware());
app.use('/orgs/*', clerkMiddleware());
app.route('/', sessionRouter);

In route handlers:

app.get('/', (c) => {
  const { userId, orgId } = getAuth(c);
  if (!userId) {
    return c.json({ message: 'You are not logged in.' }, 401);
  }
  if (!orgId) {
    return c.json({ message: 'No active organization selected.' }, 400);
  }
  return c.json({ userId, orgId });
});

Backend API: const clerkClient = c.get('clerk') then e.g. clerkClient.users.getUser(...).

API keys

Use when the route is a resource server or machine-to-machine and should accept Clerk-issued API keys instead of (or in addition to) session tokens.

Using API keys in requests

Once you have an API key, use it to authenticate requests to your application's API. Send the API key as a Bearer token in the Authorization header:

await fetch('https://your-api.com/users', {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    Authorization: `Bearer ${apiKey}`,
  },
});

On your backend, verify the API key using Clerk's SDK (e.g. @hono/clerk-auth with getAuth(c, { acceptsToken: 'api_key' })). See the verifying API keys guide for framework-specific examples.

Verifying API keys on the backend

By default getAuth(c) only accepts session tokens; API keys are rejected unless you pass acceptsToken.

Single token type (API keys only):

const { userId } = getAuth(c, { acceptsToken: 'api_key' });
if (!userId) {
  return c.json({ error: 'Unauthorized' }, 401);
}

Multiple token types (sessions + API keys):

const { userId, tokenType, scopes } = getAuth(c, {
  acceptsToken: ['session_token', 'oauth_token', 'api_key'],
});
if (!userId) {
  return c.json({ error: 'Unauthorized' }, 401);
}
// Optional: enforce scopes for api_key
if (tokenType === 'api_key' && !scopes?.includes('write:users')) {
  return c.json({ error: 'API key missing required scope' }, 403);
}

Clerk API keys are in beta; behavior may change. Full details: Verify API keys (Clerk).

Do not add a custom clerkAuthMiddleware or re-export from a local auth.ts; import clerkMiddleware and getAuth from @hono/clerk-auth in app and routers.

Related Skills

morgs32/zerospin-error

development

VerifiedTrustedCommunity

Create and map ZerospinError instances for Effect-based code in zerospin. Use when defining error codes/messages, wrapping causes, mapping/catching errors in Effects, or returning structured errors from Effect.gen/Effect.fn or promise boundaries.

SKILL.mdUpdated May 30, 2026

morgs32/zerospin-error

morgs32/updating-agent-skills

data-ai

VerifiedTrustedCommunity

Update agent skills in this repo or another.

SKILL.mdUpdated May 30, 2026

morgs32/updating-agent-skills

morgs32/typecheck

development

VerifiedTrustedCommunity

TypeScript type-safety rules and guidance.

SKILL.mdUpdated May 30, 2026

morgs32/turbo

devops

VerifiedTrustedCommunity

Fix and update Turborepo (Turbo) configuration and task setup. Use for turbo.json errors, schema updates (pipeline -> tasks), and package-level config issues like missing extends.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/morgs32/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/skills/clerk-hono ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

morgs32/skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT