From claudecode-research-harness-workflow
Helps implement authentication and payment features using Clerk, Supabase Auth, or Stripe. Provides security checklists for credential handling, session management, and payment verification.
npx claudepluginhub maxwell2732/claudecode-research-harness-workflow --plugin claudecode-research-harness-workflow
How this skill is triggered — by the user, by Claude, or both
Slash command
/claudecode-research-harness-workflow:auth
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
A set of skills responsible for implementing authentication and payment features.
A set of skills responsible for implementing authentication and payment features.
| Feature | Details |
|---|---|
| Authentication | See references/authentication.md |
| Payments | See references/payments.md |
Since authentication and payment features always carry high security risk, always display the following before starting work:
🔐 Security Checklist
This work is security-critical. Please confirm the following:
### Authentication
- [ ] Passwords are hashed (bcrypt/argon2)
- [ ] Session management is secure (HTTPOnly Cookie)
- [ ] CSRF protection is implemented
- [ ] Rate limiting (brute-force protection)
### Payments
- [ ] Sensitive data (card numbers, etc.) is not stored on the server
- [ ] Stripe/payment provider SDK is used correctly
- [ ] Webhook signature verification
- [ ] Amount tampering prevention (amount finalized server-side)
### Common
- [ ] Error messages are not overly detailed (prevent information leakage)
- [ ] Sensitive information is not written to logs
⚠️ Caution Level: 🔴 High
This feature carries the following risks:
- Credential exposure
- Unauthorized access
- Fraudulent payment manipulation
Expert review is recommended.
🔐 Building login and payment features safely
1. **"Hash" passwords**
   - Store passwords in a form that cannot be reversed
   - Passwords stay protected even if the data is leaked
2. **Do not store card information on your server**
   - Delegate to a dedicated service like Stripe
   - Never store card data on your own server
3. **Keep error messages vague**
   - Use "Authentication failed" instead of "Password is incorrect"
   - Don't give hints to malicious actors
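The "Webhook signature verification" item in the Payments checklist, as an added example that is not part of the skill's own files: a standard-library check of a Stripe-style `Stripe-Signature` header (`t=<timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>">`). The function names, the 300-second tolerance, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumption: five-minute replay window


def sign(secret: str, timestamp: int, payload: bytes) -> str:
    """Hex HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    signed = str(timestamp).encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_webhook(payload: bytes, header: str, secret: str, now=None) -> bool:
    """True only for a fresh, correctly signed raw request body."""
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False  # missing or malformed timestamp
    now = time.time() if now is None else now
    if not candidates or abs(now - ts) > TOLERANCE_SECONDS:
        return False  # unsigned, stale, or future-dated (possible replay)
    expected = sign(secret, ts, payload).encode()
    # Constant-time compare; several v1 values appear during secret rotation.
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


# Constructed sample values, not real credentials or real events.
SECRET = "whsec_constructed_example"
BODY = b'{"type":"payment_intent.succeeded","data":{"object":{"amount":1200}}}'
NOW = 1_700_000_000
HEADER = f"t={NOW},v1={sign(SECRET, NOW, BODY)}"

if __name__ == "__main__":
    tampered = BODY.replace(b"1200", b"1")
    print("genuine :", verify_webhook(BODY, HEADER, SECRET, now=NOW))
    print("tampered:", verify_webhook(tampered, HEADER, SECRET, now=NOW))
    print("replayed:", verify_webhook(BODY, HEADER, SECRET, now=NOW + 3600))
```

Verify against the raw request bytes, before any JSON parsing or re-serialization, since a re-encoded body will not match the signature. In an application, the payment provider SDK's own verification helper does this check and is the better choice.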