Search everything...

Skill

auth-audit

Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.

From fuse-security

Install

Run in your terminal

npx claudepluginhub fusengine/agents --plugin fuse-security

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

references/auth-patterns.md

references/templates/auth-checklist.md

Skill Content

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

ecc

140.7k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

ecc

140.7k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

140.7k

Stats

Parent Repo Stars4

Parent Repo Forks0

Last CommitFeb 21, 2026

Actions

View Source View Plugin View on GitHub View README

auth-audit | fuse-security | ClaudePluginHub

Skill

auth-audit

Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.

From fuse-security

Install

Run in your terminal

npx claudepluginhub fusengine/agents --plugin fuse-security

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

references/auth-patterns.md

references/templates/auth-checklist.md

Skill Content

Auth Audit Skill

Overview

Comprehensive audit of authentication and authorization implementations.

Audit Categories

Category	Checks
JWT	Signing algo, expiration, refresh, storage
Sessions	Storage, expiry, regeneration, fixation
OAuth2	PKCE, state param, redirect validation
Passwords	Hashing algo, strength rules, reset flow
MFA	Implementation, backup codes, recovery

Workflow

Detect auth implementation (JWT, sessions, OAuth)
Scan for known anti-patterns
Verify cryptographic choices
Check token/session lifecycle
Audit authorization logic (RBAC, ABAC)

Common Vulnerabilities

JWT signed with none algorithm
JWT secret too short (< 256 bits)
No token expiration or too long
Refresh tokens stored in localStorage
Session fixation after login
Missing CSRF protection
OAuth without PKCE for public clients
Missing state parameter in OAuth flow

References

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

ecc

140.7k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

ecc

140.7k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

140.7k

Stats

Parent Repo Stars4

Parent Repo Forks0

Last CommitFeb 21, 2026

Actions

View Source View Plugin View on GitHub View README