Does this skill help implement Better Auth from scratch?

No, this skill is specifically designed for auditing and hardening existing implementations rather than initial setup. Use it once you have a baseline configuration.

Is it compatible with all Better Auth plugins?

It evaluates the security implications of plugin sprawl and checks the configuration of common plugins like passkeys, 2FA, and magic links.

Can it identify secrets in my codebase?

Yes, it reviews environment variable handling for BETTER_AUTH_SECRET and provider credentials while providing instructions on how to redact and protect sensitive data.

How does it help with production readiness?

It checks critical production settings like trustedOrigins, rateLimit, and cookie security flags to ensure your application is protected against common web attacks.

Better Auth Security Auditor

Name: Better Auth Security Auditor
Author: jscraik

byjscraik

•

Security & Testing

Audits Better Auth integrations to identify security gaps, configuration errors, and production readiness issues.

This skill provides specialized guidance for reviewing and hardening Better Auth implementations within Claude Code. It evaluates existing configurations against modern security standards like the OWASP Top 10:2025, focusing on session management, CSRF protection, origin validation, and provider security. Rather than generating boilerplate code, it delivers prioritized findings and minimal, testable remediations to ensure your authentication stack is robust, compliant, and production-ready.

Key Features

01Evaluation of session handling, cookie persistence, and CSRF controls

02Validation of OAuth provider setups and plugin integrations

032 GitHub stars

04Alignment with OWASP Top 10:2025 security standards

05Comprehensive security auditing of Better Auth configurations

06Step-by-step verification instructions for hardening production auth

Use Cases

01Reviewing account-linking logic and multi-provider security configurations

02Auditing an existing Better Auth setup for hidden security risks before a production release

03Debugging complex session or cookie issues in a specific framework or runtime context

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jscraik/agent-skills best-practices

For use in Claude.ai and ChatGPT

Key Features

01Evaluation of session handling, cookie persistence, and CSRF controls

02Validation of OAuth provider setups and plugin integrations

032 GitHub stars

04Alignment with OWASP Top 10:2025 security standards

05Comprehensive security auditing of Better Auth configurations

06Step-by-step verification instructions for hardening production auth

Use Cases

01Reviewing account-linking logic and multi-provider security configurations

02Auditing an existing Better Auth setup for hidden security risks before a production release

03Debugging complex session or cookie issues in a specific framework or runtime context

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jscraik/agent-skills best-practices

For use in Claude.ai and ChatGPT