auth-audit
Total installs: 3
Weekly installs: 1
Site-wide rank: #60019
Install command:
npx skills add https://github.com/fusengine/agents --skill auth-audit
Agent install distribution:
- amp: 1
- cline: 1
- opencode: 1
- cursor: 1
- continue: 1
- kimi-cli: 1
Skill documentation
Auth Audit Skill
Overview
Comprehensive audit of authentication and authorization implementations.
Audit Categories
| Category | Checks |
|---|---|
| JWT | Signing algo, expiration, refresh, storage |
| Sessions | Storage, expiry, regeneration, fixation |
| OAuth2 | PKCE, state param, redirect validation |
| Passwords | Hashing algo, strength rules, reset flow |
| MFA | Implementation, backup codes, recovery |
Workflow
- Detect auth implementation (JWT, sessions, OAuth)
- Scan for known anti-patterns
- Verify cryptographic choices
- Check token/session lifecycle
- Audit authorization logic (RBAC, ABAC)
Common Vulnerabilities
- JWT signed with `none` algorithm
- JWT secret too short (< 256 bits)
- No token expiration or too long
- Refresh tokens stored in localStorage
- Session fixation after login
- Missing CSRF protection
- OAuth without PKCE for public clients
- Missing `state` parameter in OAuth flow
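The first three JWT items in the checklist above are mechanical enough to automate. The following is an added example (not code from the auth-audit skill or the fusengine/agents repository) that inspects a token for the `none` algorithm, an HMAC secret shorter than 256 bits, and a missing or over-long expiry; the one-hour lifetime threshold and the sample tokens are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

MIN_HS_SECRET_BITS = 256        # threshold from the checklist above
MAX_TOKEN_LIFETIME_S = 3600     # assumed audit threshold: access tokens over one hour are flagged

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def audit_jwt(token: str, secret: Optional[bytes] = None, now: Optional[float] = None) -> list:
    """Return audit findings for one JWT; an empty list means no finding."""
    findings = []
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected header.payload.signature"]
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    alg = str(header.get("alg", "")).lower()
    if alg == "none" or parts[2] == "":
        findings.append("alg=none / unsigned token accepted")
    if alg.startswith("hs") and secret is not None and len(secret) * 8 < MIN_HS_SECRET_BITS:
        findings.append(f"HMAC secret is {len(secret) * 8} bits (< {MIN_HS_SECRET_BITS})")
    now = time.time() if now is None else now
    exp = payload.get("exp")
    if exp is None:
        findings.append("no exp claim: token never expires")
    elif exp - payload.get("iat", now) > MAX_TOKEN_LIFETIME_S:
        findings.append(f"token lifetime exceeds {MAX_TOKEN_LIFETIME_S}s")
    return findings

# Constructed sample tokens (not real credentials) used to exercise the checks.
STRONG_SECRET = b"\x01" * 32                     # 256-bit HMAC key
_SIGNING_INPUT = _b64url(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64url(
    json.dumps({"sub": "user1", "iat": 1700000000, "exp": 1700003600}).encode())
SIGNED_TOKEN = _SIGNING_INPUT + "." + _b64url(
    hmac.new(STRONG_SECRET, _SIGNING_INPUT.encode(), hashlib.sha256).digest())
UNSIGNED_TOKEN = _b64url(b'{"alg":"none","typ":"JWT"}') + "." + _b64url(b'{"sub":"user1"}') + "."

if __name__ == "__main__":
    for name, tok, key in [("signed", SIGNED_TOKEN, STRONG_SECRET), ("unsigned", UNSIGNED_TOKEN, None)]:
        print(name, audit_jwt(tok, secret=key) or "no findings")
```

Run it over tokens captured from a staging environment to get a quick first pass before the manual parts of the checklist (storage location, refresh handling, session fixation).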