Skill

auth-audit

Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.

npx claudepluginhub fusengine/agents --plugin fuse-security

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/fuse-security:auth-audit

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Comprehensive audit of authentication and authorization implementations.

Supporting Files

references/auth-patterns.mdreferences/templates/auth-checklist.md

SKILL.md

47 lines · ~341 tokens

Similar Skills

auth-analyzer

Analyzes auth mechanisms (passwords/sessions/JWT/OAuth/MFA) and authz patterns (RBAC/ABAC/ACL) for vulnerabilities like bypasses, hijacking, broken access control; reports with OWASP/NIST remediation.

devkit

validating-authentication-implementations

2.2k

Audits authentication in web apps/APIs: password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls against OWASP/NIST standards.

6 files8 tools

authentication-validator

Harness Auth

Analyzes authentication and authorization patterns (OAuth2, JWT, RBAC/ABAC, MFA), audits security posture against OWASP, and recommends improvements for token lifecycle, permission models, and multi-factor authentication.

1 file

harness-claude

Stats

LanguagePython

Parent stars12

Parent forks1

MaintenanceExcellent

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Auth Audit Skill

Overview

Comprehensive audit of authentication and authorization implementations.

Audit Categories

Auth Audit Skill

Overview

Comprehensive audit of authentication and authorization implementations.

Audit Categories

Category	Checks
JWT	Signing algo, expiration, refresh, storage
Sessions	Storage, expiry, regeneration, fixation
OAuth2	PKCE, state param, redirect validation
Passwords	Hashing algo, strength rules, reset flow
MFA	Implementation, backup codes, recovery

Workflow

Detect auth implementation (JWT, sessions, OAuth)
Scan for known anti-patterns
Verify cryptographic choices
Check token/session lifecycle
Audit authorization logic (RBAC, ABAC)

Common Vulnerabilities

JWT signed with none algorithm
JWT secret too short (< 256 bits)
No token expiration or too long
Refresh tokens stored in localStorage
Session fixation after login
Missing CSRF protection
OAuth without PKCE for public clients
Missing state parameter in OAuth flow

auth-audit

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

auth-audit

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Auth Audit Skill

Overview

Audit Categories

Workflow

Common Vulnerabilities

References

Similar Skills

Help us improve

Auth Audit Skill

Overview

Audit Categories

Workflow

Common Vulnerabilities

References