Comprehensive testing and validation tools for Clerk authentication integrations. Includes E2E auth flow testing, security audits, configuration validation, unit testing patterns for sign-in/sign-up flows. Use when implementing Clerk tests, validating authentication setup, testing auth flows, running security audits, creating E2E tests for Clerk, or when user mentions Clerk testing, auth validation, E2E authentication tests, security audit, or test coverage.
View on GitHubFebruary 1, 2026
Select agents to install to:
npx add-skill https://github.com/vanman2024/ai-dev-marketplace/blob/main/plugins/clerk/skills/testing-validation/SKILL.md -a claude-code --skill testing-validationInstallation paths:
.claude/skills/testing-validation/# Clerk Testing & Validation
Comprehensive testing and validation toolkit for Clerk authentication integrations. Provides test templates, validation scripts, security audit tools, and E2E testing patterns for sign-in, sign-up, session management, and multi-factor authentication flows.
## Instructions
### When Validating Clerk Setup
1. **Run Configuration Validation**
- Execute `scripts/validate-setup.sh` to verify:
- Environment variables (CLERK_PUBLISHABLE_KEY, CLERK_SECRET_KEY)
- Middleware configuration
- Protected routes setup
- Provider configuration (Google, GitHub, etc.)
- Check output for missing configurations or security warnings
- Review generated validation report
2. **What Gets Validated**
- Environment variable presence and format
- API key validity (publishable vs secret key patterns)
- ClerkProvider wrapper in app structure
- Middleware configuration in middleware.ts/js
- Protected route patterns in route configuration
- CORS and domain settings for production
### When Testing Authentication Flows
1. **Run E2E Authentication Tests**
- Execute `scripts/test-auth-flows.sh` to test:
- Sign-up flow (email/password, OAuth providers)
- Sign-in flow (all configured providers)
- Session persistence across page reloads
- Sign-out functionality
- Protected route access control
- Supports both Playwright and Cypress
- Generates test coverage reports
2. **Authentication Flow Coverage**
- Email/password registration and login
- OAuth provider authentication (Google, GitHub, Microsoft)
- Magic link authentication
- Multi-factor authentication (2FA/MFA)
- Session management and token refresh
- User profile updates
- Password reset flows
### When Running Security Audits
1. **Execute Security Checks**
- Run `scripts/check-security.sh` to audit:
- Environment variable exposure (no keys in client bundles)
- Public vs secret key usage
- Prote