From harness
Use this skill whenever the user mentions login, signup, authentication, OAuth, session management, payments, subscriptions, billing, Stripe integration, or checkout flows. Also use when the user needs to protect routes, add role-based access, or implement payment webhooks. Do NOT load for: general UI components, database schema design, non-auth API endpoints, or business logic unrelated to auth/payments. Implements authentication and payment features using Clerk, Supabase Auth, or Stripe.
npx claudepluginhub tim-hub/powerball-harness --plugin harness

This skill is limited to using the following tools:
A collection of skills responsible for implementing authentication and payment features.
| Feature | Details |
|---|---|
| Authentication | See references/authentication.md |
| Payments | See references/payments.md |
Authentication and payment features always carry high security risk. Always display the following before starting work:
Security Checklist
This work is security-critical. Please verify the following:
### Authentication
- [ ] Passwords are hashed (bcrypt/argon2)
- [ ] Session management is secure (HttpOnly cookie)
- [ ] CSRF protection is implemented
- [ ] Rate limiting (brute-force protection)
### Payments
- [ ] Sensitive information (card numbers, etc.) is not stored on the server
- [ ] Stripe/payment provider SDK is used correctly
- [ ] Webhook signature verification
- [ ] Amount tampering prevention (amounts finalized server-side)
### Common
- [ ] Error messages are not too detailed (prevent information leakage)
- [ ] Sensitive information is not logged
⚠️ Severity Level: 🔴 High
This feature carries the following risks:
- Credential leakage
- Unauthorized access
- Fraudulent payment operations
Expert review is recommended.
Building Login & Payment Features Safely
1. **Hash passwords**
   - Store passwords in an irreversible form
   - Data remains safe even if it leaks
2. **Do not store card information on your server**
   - Delegate to dedicated services like Stripe
   - Store nothing on your own server
3. **Keep error messages vague**
   - Use "Authentication failed" instead of "Wrong password"
   - Do not give hints to malicious actors
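
A sketch of items 1 and 3 above, added here as an illustration and not part of the harness skill's own code: salted password hashing, plus a login check that returns the same "Authentication failed" result for a wrong password and for an unknown account. It assumes Node.js and uses the built-in scrypt in place of the bcrypt/argon2 named in the checklist so it runs without dependencies; the `users` map and the `register` and `login` names are hypothetical.

```javascript
// Added example (not the skill's own code). scrypt stands in for bcrypt/argon2.
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

const KEY_LEN = 64;       // derived key length in bytes
const users = new Map();  // constructed in-memory store: email -> "saltHex:hashHex"

// Irreversible, per-user salted hash: a leaked table does not reveal passwords,
// and two users with the same password get different records.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Re-derive with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return timingSafeEqual(actual, expected);
}

// Record checked when the account does not exist, so an unknown email costs
// the same hashing work as a known one and response time gives no hint.
const DUMMY_RECORD = hashPassword(randomBytes(16).toString("hex"));

function register(email, password) {
  users.set(email, hashPassword(password));
}

function login(email, password) {
  const stored = users.get(email);
  // Always run the hash check first, then require that the account exists.
  const valid = verifyPassword(password, stored || DUMMY_RECORD) && stored !== undefined;
  // One message for every failure: never "Wrong password" or "No such user".
  return valid ? { ok: true } : { ok: false, error: "Authentication failed" };
}
```

Log the specific failure reason server-side only if it contains no credential material; the client sees the single generic message in every failing case.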