Search everything...

Skill

auth-review

Perform a defensive review of authentication and authorization flows in an authorized codebase. Use for login, session, MFA, OAuth, password reset, cookie security, JWT validation, impersonation, privilege checks, and object-level access control.

Install

npx claudepluginhub muhammedzohaib/patchman --plugin patchman

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- login and logout correctness

SKILL.md

Similar Skills

memory-forensics

Acquire memory dumps from live systems/VMs and analyze with Volatility 3 for processes, networks, DLLs, injections in incident response or malware hunts.

reverse-engineering

33.0k

binary-analysis-patterns

Provides x86-64/ARM disassembly patterns, calling conventions, control flow recognition for static analysis of executables and compiled binaries.

reverse-engineering

33.0k

anti-reversing-techniques

1 file

Identifies anti-debugging checks like IsDebuggerPresent, NtQueryInformationProcess in Windows binaries; suggests bypasses via patches/hooks/scripts for malware analysis, CTFs, authorized RE.

reverse-engineering

33.0k

Stats

Stars1

Forks0

Last CommitApr 16, 2026

Actions

View Source View Plugin View on GitHub View README

auth-review | patchman | ClaudePluginHub

Skill

auth-review

From patchman

Install

npx claudepluginhub muhammedzohaib/patchman --plugin patchman

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- login and logout correctness

SKILL.md

Auth Review

Focus

login and logout correctness
session fixation and invalidation
cookie flags and token storage
reset, invite, recovery, and MFA flows
server-side authorization and object-level checks
impersonation, elevation, and admin escape hatches

Review prompts

Are checks enforced server-side on every sensitive action?
Does auth depend on user-controlled headers, origins, or claims?
Are session boundaries rotated after identity change?
Can one user access another user's objects through predictable identifiers?

Output

Use the Patchman findings format and call out auth assumptions explicitly.

Similar Skills

memory-forensics

Acquire memory dumps from live systems/VMs and analyze with Volatility 3 for processes, networks, DLLs, injections in incident response or malware hunts.

reverse-engineering

33.0k

binary-analysis-patterns

Provides x86-64/ARM disassembly patterns, calling conventions, control flow recognition for static analysis of executables and compiled binaries.

reverse-engineering

33.0k

anti-reversing-techniques

1 file

Identifies anti-debugging checks like IsDebuggerPresent, NtQueryInformationProcess in Windows binaries; suggests bypasses via patches/hooks/scripts for malware analysis, CTFs, authorized RE.

reverse-engineering

33.0k

Stats

Stars1

Forks0

Last CommitApr 16, 2026

Actions

View Source View Plugin View on GitHub View README