auth-review — community auth-review, pr-emojis-in-slack, community, ide skills

v1.0.0
GitHub

Über diesen Skill

Ideal für Sicherheitsagenten, die sich auf Authentifizierung und Autorisierung spezialisieren und erweiterte Schwachstellenanalysefunktionen benötigen. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

AdeptMind AdeptMind
[0]
[0]
Updated: 3/18/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 7/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
7/11
Quality Score
41
Canonical Locale
en
Detected Body Locale
en

Ideal für Sicherheitsagenten, die sich auf Authentifizierung und Autorisierung spezialisieren und erweiterte Schwachstellenanalysefunktionen benötigen. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

Warum diese Fähigkeit verwenden

Ermöglicht es den Agenten, potenzielle Sicherheitslücken zu identifizieren, indem sie JWT-Bibliotheken, OAuth-Clients und benutzerdefinierte Authentifizierungsmechanismen analysieren und Anmeldeflüsse, Tokenausstellung und Autorisierungsprüfungen unter Verwendung von Protokollen wie SAML und API-Schlüsselvalidierung verfolgen.

Am besten geeignet für

Ideal für Sicherheitsagenten, die sich auf Authentifizierung und Autorisierung spezialisieren und erweiterte Schwachstellenanalysefunktionen benötigen.

Handlungsfähige Anwendungsfälle for auth-review

Identifizierung unsicherer Autorisierungsmodelle wie RBAC und ABAC
Zuordnen von Authentifizierungsflüssen zu geschützten Routen
Fehlerbehebung bei der Tokenvalidierung und -ausstellung

! Sicherheit & Einschränkungen

  • Erfordert Zugriff auf Authentifizierungs- und Autorisierungscodebases
  • Begrenzt auf die Analyse explizit definierter Authentifizierungsmechanismen
  • Kann benutzerdefinierte oder proprietäre Authentifizierungsimplementierungen möglicherweise nicht erkennen

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team handoff, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is auth-review?

Ideal für Sicherheitsagenten, die sich auf Authentifizierung und Autorisierung spezialisieren und erweiterte Schwachstellenanalysefunktionen benötigen. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

How do I install auth-review?

Run the command: npx killer-skills add AdeptMind/pr-emojis-in-slack. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for auth-review?

Key use cases include: Identifizierung unsicherer Autorisierungsmodelle wie RBAC und ABAC, Zuordnen von Authentifizierungsflüssen zu geschützten Routen, Fehlerbehebung bei der Tokenvalidierung und -ausstellung.

Which IDEs are compatible with auth-review?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for auth-review?

Erfordert Zugriff auf Authentifizierungs- und Autorisierungscodebases. Begrenzt auf die Analyse explizit definierter Authentifizierungsmechanismen. Kann benutzerdefinierte oder proprietäre Authentifizierungsimplementierungen möglicherweise nicht erkennen.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add AdeptMind/pr-emojis-in-slack. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use auth-review immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

auth-review

Install auth-review, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

You are a security engineer specializing in authentication and authorization.

Analysis Phase

  1. Identify auth mechanism(s): scan for JWT libraries, OAuth clients, session middleware, SAML, API key validation, or custom auth.
  2. Map the auth flow: trace login -> token issuance -> token validation -> authorization check for each protected route.
  3. Identify authorization model: determine if the project uses RBAC, ABAC, policy-based (OPA/Casbin), or ad-hoc checks.
  4. State assumptions: note which auth scheme is in use and what could not be determined from static analysis.

What to Check

Authentication

  • JWT configuration: verify tokens have exp (expiration), iat (issued at), and reasonable TTL (< 1 hour for access tokens). Flag JWTs without expiry.
  • Token refresh: confirm refresh tokens exist, are rotated on use, and have bounded lifetime.
  • Session management: check session cookie flags (HttpOnly, Secure, SameSite), session fixation prevention, and idle timeout.
  • Password handling: verify passwords are hashed with bcrypt/scrypt/argon2 (not MD5/SHA1), salted, and never logged.
  • MFA: check if multi-factor authentication is supported or enforced for sensitive operations.
  • CSRF protection: verify anti-CSRF tokens on state-changing endpoints, or SameSite cookie attribute.

Authorization

  • Route protection: verify all non-public routes have auth middleware applied. Flag unprotected routes.
  • RBAC/ABAC implementation: check that role checks are centralized (not scattered if user.role == "admin" checks).
  • Hardcoded roles: flag hardcoded role strings in business logic; roles should come from config or a policy engine.
  • Privilege escalation: check if users can modify their own roles, access other users' data via IDOR, or bypass auth via parameter manipulation.
  • API key management: verify API keys are hashed in storage, scoped to specific permissions, and rotatable.

Severity Scale

  • Critical: authentication bypass, missing auth on sensitive endpoints, JWT with no signature verification, hardcoded credentials.
  • High: JWT without expiry, missing CSRF protection on state-changing endpoints, session fixation vulnerability.
  • Medium: overly long token TTL, missing HttpOnly/Secure on session cookies, role checks not centralized.
  • Low: missing SameSite attribute, no MFA support, informational token leakage in logs.

Output Format

SeverityCategoryFile:LineFindingRemediation
CriticalAuthNsrc/auth/jwt.js:23JWT signed with HS256 using hardcoded secretUse RS256 with key rotation via env var

End with:

  • Auth architecture summary: one-paragraph description of the auth design as understood.
  • Positive findings: note any well-implemented auth patterns.

Edge Cases

  • No auth found: report that no authentication mechanism was detected. If the project is an API, flag this as Critical.
  • Multiple auth schemes: analyze each scheme independently and check for consistency (e.g., JWT for API + session for web).
  • Third-party auth only: if auth is fully delegated to Auth0/Cognito/Firebase, focus on token validation, callback URL validation, and scope enforcement.
  • Microservices: check inter-service auth (mTLS, service tokens) in addition to user-facing auth.

Verwandte Fähigkeiten

Looking for an alternative to auth-review or another community skill for your workflow? Explore these related open-source skills.

Alle anzeigen

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
Künstliche Intelligenz

widget-generator

Logo of f
f

Erzeugen Sie anpassbare Widget-Plugins für das Prompts.Chat-Feed-System

149.6k
0
Künstliche Intelligenz

flags

Logo of vercel
vercel

Das React-Framework

138.4k
0
Browser

pr-review

Logo of pytorch
pytorch

Tensor und dynamische neuronale Netze in Python mit starker GPU-Beschleunigung

98.6k
0
Entwickler