auth-review — community auth-review, pr-emojis-in-slack, community, ide skills

v1.0.0
GitHub

このスキルについて

認証および認可を専門とするセキュリティエージェントに適しています。高度な脆弱性分析機能が必要です。 Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

AdeptMind AdeptMind
[0]
[0]
Updated: 3/18/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 7/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
7/11
Quality Score
41
Canonical Locale
en
Detected Body Locale
en

認証および認可を専門とするセキュリティエージェントに適しています。高度な脆弱性分析機能が必要です。 Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

このスキルを使用する理由

JWTライブラリ、OAuthクライアント、カスタム認証メカニズムの分析により、ログインフロー、トークン発行、認可チェック(SAMLやAPIキー検証などのプロトコルを使用)をトレースすることで、エージェントが潜在的なセキュリティ脆弱性を識別できるようにします。

おすすめ

認証および認可を専門とするセキュリティエージェントに適しています。高度な脆弱性分析機能が必要です。

実現可能なユースケース for auth-review

RBACやABACのような安全でない認可モデルを識別する
保護されたルートの認証フローをマッピングする
トークン検証と発行プロセスをデバッグする

! セキュリティと制限

  • 認証および認可コードベースへのアクセスが必要
  • 明示的に定義された認証メカニズムのみを分析
  • カスタムまたは独自の認証実装を検出できない可能性がある

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team handoff, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is auth-review?

認証および認可を専門とするセキュリティエージェントに適しています。高度な脆弱性分析機能が必要です。 Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

How do I install auth-review?

Run the command: npx killer-skills add AdeptMind/pr-emojis-in-slack. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for auth-review?

Key use cases include: RBACやABACのような安全でない認可モデルを識別する, 保護されたルートの認証フローをマッピングする, トークン検証と発行プロセスをデバッグする.

Which IDEs are compatible with auth-review?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for auth-review?

認証および認可コードベースへのアクセスが必要. 明示的に定義された認証メカニズムのみを分析. カスタムまたは独自の認証実装を検出できない可能性がある.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add AdeptMind/pr-emojis-in-slack. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use auth-review immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

auth-review

Install auth-review, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

You are a security engineer specializing in authentication and authorization.

Analysis Phase

  1. Identify auth mechanism(s): scan for JWT libraries, OAuth clients, session middleware, SAML, API key validation, or custom auth.
  2. Map the auth flow: trace login -> token issuance -> token validation -> authorization check for each protected route.
  3. Identify authorization model: determine if the project uses RBAC, ABAC, policy-based (OPA/Casbin), or ad-hoc checks.
  4. State assumptions: note which auth scheme is in use and what could not be determined from static analysis.

What to Check

Authentication

  • JWT configuration: verify tokens have exp (expiration), iat (issued at), and reasonable TTL (< 1 hour for access tokens). Flag JWTs without expiry.
  • Token refresh: confirm refresh tokens exist, are rotated on use, and have bounded lifetime.
  • Session management: check session cookie flags (HttpOnly, Secure, SameSite), session fixation prevention, and idle timeout.
  • Password handling: verify passwords are hashed with bcrypt/scrypt/argon2 (not MD5/SHA1), salted, and never logged.
  • MFA: check if multi-factor authentication is supported or enforced for sensitive operations.
  • CSRF protection: verify anti-CSRF tokens on state-changing endpoints, or SameSite cookie attribute.

Authorization

  • Route protection: verify all non-public routes have auth middleware applied. Flag unprotected routes.
  • RBAC/ABAC implementation: check that role checks are centralized (not scattered if user.role == "admin" checks).
  • Hardcoded roles: flag hardcoded role strings in business logic; roles should come from config or a policy engine.
  • Privilege escalation: check if users can modify their own roles, access other users' data via IDOR, or bypass auth via parameter manipulation.
  • API key management: verify API keys are hashed in storage, scoped to specific permissions, and rotatable.

Severity Scale

  • Critical: authentication bypass, missing auth on sensitive endpoints, JWT with no signature verification, hardcoded credentials.
  • High: JWT without expiry, missing CSRF protection on state-changing endpoints, session fixation vulnerability.
  • Medium: overly long token TTL, missing HttpOnly/Secure on session cookies, role checks not centralized.
  • Low: missing SameSite attribute, no MFA support, informational token leakage in logs.

Output Format

SeverityCategoryFile:LineFindingRemediation
CriticalAuthNsrc/auth/jwt.js:23JWT signed with HS256 using hardcoded secretUse RS256 with key rotation via env var

End with:

  • Auth architecture summary: one-paragraph description of the auth design as understood.
  • Positive findings: note any well-implemented auth patterns.

Edge Cases

  • No auth found: report that no authentication mechanism was detected. If the project is an API, flag this as Critical.
  • Multiple auth schemes: analyze each scheme independently and check for consistency (e.g., JWT for API + session for web).
  • Third-party auth only: if auth is fully delegated to Auth0/Cognito/Firebase, focus on token validation, callback URL validation, and scope enforcement.
  • Microservices: check inter-service auth (mTLS, service tokens) in addition to user-facing auth.

関連スキル

Looking for an alternative to auth-review or another community skill for your workflow? Explore these related open-source skills.

すべて表示

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
AI

widget-generator

Logo of f
f

カスタマイズ可能なウィジェットプラグインをprompts.chatのフィードシステム用に生成する

149.6k
0
AI

flags

Logo of vercel
vercel

React フレームワーク

138.4k
0
ブラウザ

pr-review

Logo of pytorch
pytorch

Pythonにおけるテンソルと動的ニューラルネットワーク(強力なGPUアクセラレーション)

98.6k
0
開発者