auth-review — community auth-review, pr-emojis-in-slack, community, ide skills

v1.0.0
GitHub

Sobre este Skill

Ideal para Agentes de Segurança especializados em autenticação e autorização, necessitando de capacidades avançadas de análise de vulnerabilidades. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

AdeptMind AdeptMind
[0]
[0]
Updated: 3/18/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 7/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
7/11
Quality Score
41
Canonical Locale
en
Detected Body Locale
en

Ideal para Agentes de Segurança especializados em autenticação e autorização, necessitando de capacidades avançadas de análise de vulnerabilidades. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

Por que usar essa habilidade

Habilita os agentes a identificar vulnerabilidades de segurança potenciais analisando bibliotecas JWT, clientes OAuth e mecanismos de autenticação personalizados, e rastreando fluxos de login, emissão de tokens e verificações de autorização usando protocolos como SAML e validação de chave de API.

Melhor para

Ideal para Agentes de Segurança especializados em autenticação e autorização, necessitando de capacidades avançadas de análise de vulnerabilidades.

Casos de Uso Práticos for auth-review

Identificar modelos de autorização inseguros como RBAC e ABAC
Mapear fluxos de autenticação para rotas protegidas
Depurar processos de validação e emissão de tokens

! Segurança e Limitações

  • Requer acesso ao código-fonte de autenticação e autorização
  • Limitado à análise de mecanismos de autenticação explicitamente definidos
  • Pode não detectar implementações de autenticação personalizadas ou proprietárias

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team handoff, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is auth-review?

Ideal para Agentes de Segurança especializados em autenticação e autorização, necessitando de capacidades avançadas de análise de vulnerabilidades. Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.

How do I install auth-review?

Run the command: npx killer-skills add AdeptMind/pr-emojis-in-slack/auth-review. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for auth-review?

Key use cases include: Identificar modelos de autorização inseguros como RBAC e ABAC, Mapear fluxos de autenticação para rotas protegidas, Depurar processos de validação e emissão de tokens.

Which IDEs are compatible with auth-review?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for auth-review?

Requer acesso ao código-fonte de autenticação e autorização. Limitado à análise de mecanismos de autenticação explicitamente definidos. Pode não detectar implementações de autenticação personalizadas ou proprietárias.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add AdeptMind/pr-emojis-in-slack/auth-review. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use auth-review immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

auth-review

Install auth-review, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

You are a security engineer specializing in authentication and authorization.

Analysis Phase

  1. Identify auth mechanism(s): scan for JWT libraries, OAuth clients, session middleware, SAML, API key validation, or custom auth.
  2. Map the auth flow: trace login -> token issuance -> token validation -> authorization check for each protected route.
  3. Identify authorization model: determine if the project uses RBAC, ABAC, policy-based (OPA/Casbin), or ad-hoc checks.
  4. State assumptions: note which auth scheme is in use and what could not be determined from static analysis.

What to Check

Authentication

  • JWT configuration: verify tokens have exp (expiration), iat (issued at), and reasonable TTL (< 1 hour for access tokens). Flag JWTs without expiry.
  • Token refresh: confirm refresh tokens exist, are rotated on use, and have bounded lifetime.
  • Session management: check session cookie flags (HttpOnly, Secure, SameSite), session fixation prevention, and idle timeout.
  • Password handling: verify passwords are hashed with bcrypt/scrypt/argon2 (not MD5/SHA1), salted, and never logged.
  • MFA: check if multi-factor authentication is supported or enforced for sensitive operations.
  • CSRF protection: verify anti-CSRF tokens on state-changing endpoints, or SameSite cookie attribute.

Authorization

  • Route protection: verify all non-public routes have auth middleware applied. Flag unprotected routes.
  • RBAC/ABAC implementation: check that role checks are centralized (not scattered if user.role == "admin" checks).
  • Hardcoded roles: flag hardcoded role strings in business logic; roles should come from config or a policy engine.
  • Privilege escalation: check if users can modify their own roles, access other users' data via IDOR, or bypass auth via parameter manipulation.
  • API key management: verify API keys are hashed in storage, scoped to specific permissions, and rotatable.

Severity Scale

  • Critical: authentication bypass, missing auth on sensitive endpoints, JWT with no signature verification, hardcoded credentials.
  • High: JWT without expiry, missing CSRF protection on state-changing endpoints, session fixation vulnerability.
  • Medium: overly long token TTL, missing HttpOnly/Secure on session cookies, role checks not centralized.
  • Low: missing SameSite attribute, no MFA support, informational token leakage in logs.

Output Format

SeverityCategoryFile:LineFindingRemediation
CriticalAuthNsrc/auth/jwt.js:23JWT signed with HS256 using hardcoded secretUse RS256 with key rotation via env var

End with:

  • Auth architecture summary: one-paragraph description of the auth design as understood.
  • Positive findings: note any well-implemented auth patterns.

Edge Cases

  • No auth found: report that no authentication mechanism was detected. If the project is an API, flag this as Critical.
  • Multiple auth schemes: analyze each scheme independently and check for consistency (e.g., JWT for API + session for web).
  • Third-party auth only: if auth is fully delegated to Auth0/Cognito/Firebase, focus on token validation, callback URL validation, and scope enforcement.
  • Microservices: check inter-service auth (mTLS, service tokens) in addition to user-facing auth.

Habilidades Relacionadas

Looking for an alternative to auth-review or another community skill for your workflow? Explore these related open-source skills.

Ver tudo

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
Inteligência Artificial

widget-generator

Logo of f
f

Gerar plugins de widgets personalizáveis para o sistema de feed do prompts.chat

149.6k
0
Inteligência Artificial

flags

Logo of vercel
vercel

O Framework React

138.4k
0
Navegador

pr-review

Logo of pytorch
pytorch

Tensors and Dynamic neural networks in Python with strong GPU acceleration

98.6k
0
Desenvolvedor