Auth & Security Code Reviewer FAQs

Question 1

What is the primary purpose of the auth-security skill?

Accepted Answer

The skill provides domain-specific guidance for reviewing security-sensitive code, focusing on JWT validation, OAuth flows, and MCP server authorization to prevent critical vulnerabilities.

Question 2

How does it help with JWT security?

Accepted Answer

It ensures proper audience validation, signature verification, and prevents algorithm confusion attacks by enforcing explicit algorithm requirements and correct token handling patterns.

Question 3

Is it compatible with the Model Context Protocol (MCP)?

Accepted Answer

Yes, it specifically covers the latest MCP authorization specifications, including requirements for OAuth 2.1, PKCE, and Resource Indicators to prevent token forwarding.

Question 4

What common vulnerabilities can this skill identify?

Accepted Answer

It is designed to detect token forwarding, missing audience validation, algorithm confusion, confused deputy attacks, and insecure session management.

Question 5

When should I invoke this skill in Claude Code?

Accepted Answer

Invoke it whenever you are analyzing or writing code related to authentication, authorization, API security filters, or token-handling middleware.

Auth & Security Code Reviewer

Key Features

Use Cases

Auth & Security Code Reviewer

Key Features

Use Cases