
authentication

Enables secure authentication and authorization processes, including JWT, OAuth2, and RBAC for user identity management.

Security score: 79/100

The authentication skill was audited on Feb 21, 2026 and we found 21 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 381

Fetch to external URL

Source: SKILL.md
381: const tokenResponse = await fetch('https://provider.com/oauth/token', {

low line 446

Base64 decode operation

Source: SKILL.md
446: from jose.utils import base64url_decode

low line 153

External URL reference

Source: SKILL.md
153: server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',

low line 187

External URL reference

Source: SKILL.md
187: api_base_url='https://api.github.com/',

low line 305

External URL reference

Source: SKILL.md
305: authorize_url='https://provider.com/oauth/authorize',

low line 307

External URL reference

Source: SKILL.md
307: access_token_url='https://provider.com/oauth/token',

low line 366

External URL reference

Source: SKILL.md
366: const authUrl = new URL('https://provider.com/oauth/authorize')

low line 381

External URL reference

Source: SKILL.md
381: const tokenResponse = await fetch('https://provider.com/oauth/token', {

low line 412

External URL reference

Source: SKILL.md
412: 'https://provider.com/oauth/token',

low line 435

External URL reference

Source: SKILL.md
435: 'https://api.service.com/resource',

low line 514

External URL reference

Source: SKILL.md
514: issuer="https://provider.com",

low line 572

External URL reference

Source: SKILL.md
572: "iss": "https://api.yourdomain.com", # Issuer

low line 574

External URL reference

Source: SKILL.md
574: "aud": ["https://api.yourdomain.com"], # Audience

low line 601

External URL reference

Source: SKILL.md
601: audience=["https://api.yourdomain.com"],

low line 602

External URL reference

Source: SKILL.md
602: issuer="https://api.yourdomain.com",

low line 1013

External URL reference

Source: SKILL.md
1013: server_url="http://localhost:8080/",

low line 1056

External URL reference

Source: SKILL.md
1056: - [OAuth 2.0 RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749)

low line 1057

External URL reference

Source: SKILL.md
1057: - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)

low line 1058

External URL reference

Source: SKILL.md
1058: - [JWT Best Practices RFC 8725](https://datatracker.ietf.org/doc/html/rfc8725)

low line 1059

External URL reference

Source: SKILL.md
1059: - [OWASP Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)

low line 1060

External URL reference

Source: SKILL.md
1060: - [OWASP Session Management](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)

Scanned on Feb 21, 2026