Clerk Pack
API capability pack for bounded Clerk Backend API operations against https://api.clerk.com/v1 only. Enroll a Clerk secret-key bearer connection named clerk with the narrowest user, session, organization, invitation, role, permission, and domain scopes needed for the installed workflows; no credential is embedded in this manifest. The pack reads users, user counts, sessions, organizations, organization memberships, organization invitations, organization domains, organization roles, organization permissions, instance invitations, and instance domains for SaaS access governance, customer onboarding, B2B organization operations, and support review. It bundles scheduled access hygiene, AI-assisted user access review, approval-gated organization invitation, and approval-gated user ban/unban workflows. Writes are limited to one organization, one organization invitation, one organization membership role change, or one user ban/unban at a time. The pack intentionally excludes user create/update/password/MFA mutation, token creation, OAuth access token fetches, testing tokens, session creation/revocation/refresh, invitation revoke, deletes, bulk endpoints, domain mutation, role/permission administration writes, webhook administration, billing credit adjustments, OAuth token exchange, and arbitrary Clerk API passthrough.
What this pack installs
- Clerk access hygiene digest Recipe
- Clerk user access brief Recipe
- Invite a Clerk organization member Recipe
- Ban a Clerk user Recipe
- Unban a Clerk user Recipe
- clerk Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.