Does it provide instructions on how to fix the security issues?

Every identified vulnerability includes a 'Fix' section with a secure code implementation example to help you remediate the issue immediately.

Can it detect session fixation issues?

Yes, it analyzes session management patterns to ensure session_regenerate_id() is called during privilege changes and checks for secure cookie flags.

Does this skill support modern PHP hashing standards?

Yes, the skill promotes the use of password_hash with PASSWORD_ARGON2ID while specifically flagging legacy methods like MD5, SHA1, and plain-text storage.

Is this skill compatible with PHP frameworks like Laravel or Symfony?

While designed for general PHP architecture, the detection patterns cover standard vulnerabilities applicable to all major PHP frameworks and custom implementations.

PHP Authentication Security Auditor

Name: PHP Authentication Security Auditor
Author: dykyi-roman

bydykyi-roman

•

セキュリティとテスト

Audits PHP applications for authentication vulnerabilities, identifying weak hashing, session risks, and missing authorization checks.

This skill enables Claude to perform comprehensive security audits on PHP codebases, specifically targeting the authentication layer. It identifies critical vulnerabilities such as plain-text password storage, weak hashing algorithms (MD5/SHA1), insecure session management, and predictable token generation. By leveraging standardized detection patterns and grep-based analysis, it provides developers with clear severity classifications, attack vector explanations, and actionable code fixes to ensure robust application security and compliance with standards like CWE-287.

主な機能

0145 GitHub stars

02Identifies session management flaws including fixation and missing regeneration

03Flags missing authentication checks in controllers and service layers

04Detects weak password hashing and plain-text storage vulnerabilities

05Provides severity-rated reports with CWE mapping and secure code remediations

06Analyzes token generation for cryptographic strength and timing attack risks

ユースケース

01Automating security checks during the code review process to prevent credential exposure

02Performing pre-deployment security audits on PHP web applications

03Reviewing legacy PHP code for modern authentication and security standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-authentication

For use in Claude.ai and ChatGPT

Download Skill