What is the primary purpose of the auth-security skill?

The skill provides domain-specific guidance for reviewing security-sensitive code, focusing on JWT validation, OAuth flows, and MCP server authorization to prevent critical vulnerabilities.

How does it help with JWT security?

It ensures proper audience validation, signature verification, and prevents algorithm confusion attacks by enforcing explicit algorithm requirements and correct token handling patterns.

Is it compatible with the Model Context Protocol (MCP)?

Yes, it specifically covers the latest MCP authorization specifications, including requirements for OAuth 2.1, PKCE, and Resource Indicators to prevent token forwarding.

What common vulnerabilities can this skill identify?

It is designed to detect token forwarding, missing audience validation, algorithm confusion, confused deputy attacks, and insecure session management.

When should I invoke this skill in Claude Code?

Invoke it whenever you are analyzing or writing code related to authentication, authorization, API security filters, or token-handling middleware.

Auth & Security Code Reviewer

Name: Auth & Security Code Reviewer
Author: bbrowning

bybbrowning

보안 및 테스팅

Performs deep security audits of authentication and authorization logic, ensuring compliance with OAuth 2.1, JWT standards, and MCP protocols.

소개

This skill empowers Claude to act as a security expert when reviewing code changes involving access control. It provides automated checklists for JWT validation, prevents critical vulnerabilities like token forwarding and algorithm confusion, and ensures strict adherence to modern standards like OAuth 2.1 and PKCE. It is particularly useful for developers building Model Context Protocol (MCP) servers or complex service-to-service architectures where secure token exchange and audience validation are paramount for preventing confused deputy attacks.

주요 기능

OAuth 2.1 and PKCE compliance auditing for modern auth flows
Comprehensive JWT security validation for audience, issuer, and signatures
Detection of common anti-patterns like algorithm confusion and weak secrets
MCP server authorization pattern enforcement and implementation guidance
Token exchange verification to prevent insecure token forwarding
0 GitHub stars

사용 사례

Hardening Model Context Protocol (MCP) server implementations against vulnerabilities
Auditing service-to-service token exchange logic in microservices
Reviewing Pull Requests for new API authentication endpoints

소개

주요 기능

OAuth 2.1 and PKCE compliance auditing for modern auth flows
Comprehensive JWT security validation for audience, issuer, and signatures
Detection of common anti-patterns like algorithm confusion and weak secrets
MCP server authorization pattern enforcement and implementation guidance
Token exchange verification to prevent insecure token forwarding
0 GitHub stars

사용 사례

Hardening Model Context Protocol (MCP) server implementations against vulnerabilities
Auditing service-to-service token exchange logic in microservices
Reviewing Pull Requests for new API authentication endpoints