What programming languages are supported?

Through integrations with Semgrep, Bandit, and Gosec, it supports a wide range of languages including Python, Go, JavaScript, and Java, as well as general pattern matching for other environments.

Can it automatically fix the vulnerabilities it finds?

Yes, when the --fix flag is used, the skill can transition from analysis to remediation, providing suggested code changes to resolve the identified security issues.

Does this skill replace a professional security audit?

While it provides high-quality automated analysis and uses expert-level heuristics, it is intended to assist developers during the SDLC and should be part of a broader security strategy.

Which security standards does this skill follow?

It primarily maps findings to the OWASP Top 10 (specifically A07: Identification and Authentication Failures), STRIDE mapping, and relevant CWE references like CWE-287 and CWE-916.

Authentication Security Auditor

Name: Authentication Security Auditor
Author: florianbuetow

byflorianbuetow

•

Seguridad y Pruebas

Audits source code for authentication vulnerabilities and session management failures to align with OWASP security standards.

The Authentication Security Skill for Claude Code provides automated and deep-dive analysis of your application's identity management logic. It identifies critical flaws such as weak credential hashing, missing multi-factor authentication, insecure session handling, and JWT misconfigurations. By mapping findings to OWASP Top 10 A07, STRIDE, and CWE references, it helps developers secure their login flows and session lifecycles with actionable remediation steps, severity-rated reports, and automated fix generation.

Características Principales

01Integration with security scanners like Semgrep, Bandit, and Gosec

02JWT security analysis including 'none' algorithm and hardcoded secret detection

03Automated scanning for weak password hashing and plain-text storage

04Actionable remediation suggestions with code diffs and severity ratings

05Detection of session management flaws like fixation and missing invalidation

066 GitHub stars

Casos de Uso

01Checking existing applications for compliance with OWASP Top 10 A07 standards

02Performing a security audit on a new user registration or login module

03Identifying hardcoded secrets or weak cryptographic practices in authentication middleware

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code auth

For use in Claude.ai and ChatGPT

Download Skill