What security standards does this skill follow?

The skill follows OWASP Top 10 guidelines, specifically focusing on Broken Access Control and Identification and Authentication Failures.

Does it support custom password hashing?

It is programmed to enforce high-security standards like Argon2id and will flag weaker methods such as MD5, SHA-256, or bcrypt as P1 critical issues.

Which authentication libraries is it optimized for?

While it applies broadly to Node.js environments, it includes specific optimizations and patterns for better-auth and standard session management libraries.

Can it block deployments?

Yes, it is designed to trigger during pre-deployment operations and can block the process if critical P1 security violations are detected.

Auth Security Validator

Name: Auth Security Validator
Author: hirefrank

byhirefrank

•

Seguridad y Pruebas

Validates authentication and session management configurations against OWASP security standards to prevent common vulnerabilities.

Acerca de

The Auth Security Validator is a specialized Claude Code skill designed to autonomously audit and enforce security best practices within your application's authentication layer. It monitors changes to authentication files and session configurations, performing real-time checks for critical issues like weak password hashing (enforcing Argon2id), insecure cookie settings, and insufficient CSRF protection. By integrating directly into the development workflow and pre-deployment phase, it ensures that your application remains compliant with OWASP guidelines and helps prevent security pitfalls before they reach production.

Características Principales

OWASP-compliant security auditing for password hashing and session management
2 GitHub stars
Detailed security reporting with actionable remediation steps
Real-time validation of cookie configurations (Secure, HttpOnly, SameSite)
Automated detection of weak cryptographic algorithms and short session secrets
Pre-deployment blocking for critical P1 security vulnerabilities

Casos de Uso

Auditing session and cookie configurations during application migration
Ensuring CSRF and rate-limiting protections are active before production deployment
Preventing weak password storage by enforcing Argon2id implementation

Acerca de

Características Principales

OWASP-compliant security auditing for password hashing and session management
2 GitHub stars
Detailed security reporting with actionable remediation steps
Real-time validation of cookie configurations (Secure, HttpOnly, SameSite)
Automated detection of weak cryptographic algorithms and short session secrets
Pre-deployment blocking for critical P1 security vulnerabilities

Casos de Uso

Auditing session and cookie configurations during application migration
Ensuring CSRF and rate-limiting protections are active before production deployment
Preventing weak password storage by enforcing Argon2id implementation