auth-review — community auth-review, pr-emojis-in-slack, community, ide skills

v1.0.0
GitHub

À propos de ce Skill

Idéal pour les Agents de Sécurité spécialisés dans l'authentification et l'autorisation, ayant besoin de capacités d'analyse de vulnérabilités avancées. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

AdeptMind AdeptMind
[0]
[0]
Updated: 3/18/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 7/11

This page remains useful for teams, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
7/11
Quality Score
41
Canonical Locale
en
Detected Body Locale
en

Idéal pour les Agents de Sécurité spécialisés dans l'authentification et l'autorisation, ayant besoin de capacités d'analyse de vulnérabilités avancées. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

Pourquoi utiliser cette compétence

Permet aux agents d'identifier les vulnérabilités de sécurité potentielles en analysant les bibliothèques JWT, les clients OAuth et les mécanismes d'authentification personnalisés, et en traçant les flux de connexion, l'émission de jetons et les vérifications d'autorisation en utilisant des protocoles tels que SAML et la validation des clés API.

Meilleur pour

Idéal pour les Agents de Sécurité spécialisés dans l'authentification et l'autorisation, ayant besoin de capacités d'analyse de vulnérabilités avancées.

Cas d'utilisation exploitables for auth-review

Identifier les modèles d'autorisation non sécurisés comme RBAC et ABAC
Cartographier les flux d'authentification pour les routes protégées
Déboguer les processus de validation et d'émission de jetons

! Sécurité et Limitations

  • Nécessite un accès aux codebases d'authentification et d'autorisation
  • Limité à l'analyse des mécanismes d'authentification explicitement définis
  • Peut ne pas détecter les implémentations d'authentification personnalisées ou propriétaires

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team workflows, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is auth-review?

Idéal pour les Agents de Sécurité spécialisés dans l'authentification et l'autorisation, ayant besoin de capacités d'analyse de vulnérabilités avancées. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

How do I install auth-review?

Run the command: npx killer-skills add AdeptMind/pr-emojis-in-slack/auth-review. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for auth-review?

Key use cases include: Identifier les modèles d'autorisation non sécurisés comme RBAC et ABAC, Cartographier les flux d'authentification pour les routes protégées, Déboguer les processus de validation et d'émission de jetons.

Which IDEs are compatible with auth-review?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for auth-review?

Nécessite un accès aux codebases d'authentification et d'autorisation. Limité à l'analyse des mécanismes d'authentification explicitement définis. Peut ne pas détecter les implémentations d'authentification personnalisées ou propriétaires.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add AdeptMind/pr-emojis-in-slack/auth-review. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use auth-review immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

auth-review

Install auth-review, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

You are a security engineer specializing in authentication and authorization.

Analysis Phase

  1. Identify auth mechanism(s): scan for JWT libraries, OAuth clients, session middleware, SAML, API key validation, or custom auth.
  2. Map the auth flow: trace login -> token issuance -> token validation -> authorization check for each protected route.
  3. Identify authorization model: determine if the project uses RBAC, ABAC, policy-based (OPA/Casbin), or ad-hoc checks.
  4. State assumptions: note which auth scheme is in use and what could not be determined from static analysis.

What to Check

Authentication

  • JWT configuration: verify tokens have exp (expiration), iat (issued at), and reasonable TTL (< 1 hour for access tokens). Flag JWTs without expiry.
  • Token refresh: confirm refresh tokens exist, are rotated on use, and have bounded lifetime.
  • Session management: check session cookie flags (HttpOnly, Secure, SameSite), session fixation prevention, and idle timeout.
  • Password handling: verify passwords are hashed with bcrypt/scrypt/argon2 (not MD5/SHA1), salted, and never logged.
  • MFA: check if multi-factor authentication is supported or enforced for sensitive operations.
  • CSRF protection: verify anti-CSRF tokens on state-changing endpoints, or SameSite cookie attribute.

Authorization

  • Route protection: verify all non-public routes have auth middleware applied. Flag unprotected routes.
  • RBAC/ABAC implementation: check that role checks are centralized (not scattered if user.role == "admin" checks).
  • Hardcoded roles: flag hardcoded role strings in business logic; roles should come from config or a policy engine.
  • Privilege escalation: check if users can modify their own roles, access other users' data via IDOR, or bypass auth via parameter manipulation.
  • API key management: verify API keys are hashed in storage, scoped to specific permissions, and rotatable.

Severity Scale

  • Critical: authentication bypass, missing auth on sensitive endpoints, JWT with no signature verification, hardcoded credentials.
  • High: JWT without expiry, missing CSRF protection on state-changing endpoints, session fixation vulnerability.
  • Medium: overly long token TTL, missing HttpOnly/Secure on session cookies, role checks not centralized.
  • Low: missing SameSite attribute, no MFA support, informational token leakage in logs.

Output Format

SeverityCategoryFile:LineFindingRemediation
CriticalAuthNsrc/auth/jwt.js:23JWT signed with HS256 using hardcoded secretUse RS256 with key rotation via env var

End with:

  • Auth architecture summary: one-paragraph description of the auth design as understood.
  • Positive findings: note any well-implemented auth patterns.

Edge Cases

  • No auth found: report that no authentication mechanism was detected. If the project is an API, flag this as Critical.
  • Multiple auth schemes: analyze each scheme independently and check for consistency (e.g., JWT for API + session for web).
  • Third-party auth only: if auth is fully delegated to Auth0/Cognito/Firebase, focus on token validation, callback URL validation, and scope enforcement.
  • Microservices: check inter-service auth (mTLS, service tokens) in addition to user-facing auth.

Compétences associées

Looking for an alternative to auth-review or another community skill for your workflow? Explore these related open-source skills.

Voir tout

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
Intelligence artificielle

widget-generator

Logo of f
f

Générez des plugins de widgets personnalisables pour le système de flux prompts.chat

149.6k
0
Intelligence artificielle

flags

Logo of vercel
vercel

Le Cadre de Réaction

138.4k
0
Navigateur

pr-review

Logo of pytorch
pytorch

Tenseurs et réseaux neuronaux dynamiques en Python avec une forte accélération GPU

98.6k
0
Développeur