auth-analyzer

Analyzes authentication and authorization patterns to identify security vulnerabilities and provide remediation guidance.

Install this skill

or

0/100

Security score

The auth-analyzer skill was audited on Feb 9, 2026 and we found 27 security issues across 5 threat categories, including 9 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 611

Template literal with variable interpolation in command context

SourceSKILL.md

611	const fakeToken = `header.${base64Payload}.fakesignature`;

high line 616

Template literal with variable interpolation in command context

SourceSKILL.md

616	'Authorization': `Bearer ${fakeToken}`

high line 849

Template literal with variable interpolation in command context

SourceSKILL.md

849	sendEmail(user.email, `Reset link: /reset?token=${resetToken}`);

high line 907

Template literal with variable interpolation in command context

SourceSKILL.md

907	const resetURL = `https://example.com/reset?token=${resetToken}`;

high line 908

Template literal with variable interpolation in command context

SourceSKILL.md

908	await sendEmail(user.email, `Reset link (expires in 15min): ${resetURL}`);

high line 990

Template literal with variable interpolation in command context

SourceSKILL.md

990	return `${req.ip}-${req.body.email}`;

high line 695

Curl to non-GitHub URL

SourceSKILL.md

695	curl -X PUT https://api.example.com/api/users/456 \

high line 701

Curl to non-GitHub URL

SourceSKILL.md

701	curl https://api.example.com/api/orders/$i \

high line 972

Curl to non-GitHub URL

SourceSKILL.md

972	curl -X POST https://example.com/api/login \

medium line 614

Fetch to external URL

SourceSKILL.md

614	fetch('/api/admin/users', {

low line 112

Access to .env file

SourceSKILL.md

112	secret: process.env.SESSION_SECRET, // Strong, random secret

low line 174

Access to .env file

SourceSKILL.md

174	process.env.JWT_SECRET, // Strong secret (256+ bits)

low line 187

Access to .env file

SourceSKILL.md

187	process.env.REFRESH_TOKEN_SECRET,

low line 197

Access to .env file

SourceSKILL.md

197	return jwt.verify(token, process.env.JWT_SECRET, {

low line 263

Access to .env file

SourceSKILL.md

263	clientID: process.env.OAUTH_CLIENT_ID,

low line 264

Access to .env file

SourceSKILL.md

264	clientSecret: process.env.OAUTH_CLIENT_SECRET,

medium line 642

Access to .env file

SourceSKILL.md

642	const payload = jwt.verify(token, process.env.JWT_SECRET, {

medium line 1085

Access to .env file

SourceSKILL.md

1085	const JWT_SECRET = process.env.JWT_SECRET;

low line 248

Buffer.from base64 decode

SourceSKILL.md

248	const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64'));

medium line 587

Buffer.from base64 decode

SourceSKILL.md

587	Buffer.from(token.split('.')[1], 'base64').toString()

low line 261

External URL reference

SourceSKILL.md

261	authorizationURL: 'https://provider.com/oauth/authorize',

low line 262

External URL reference

SourceSKILL.md

262	tokenURL: 'https://provider.com/oauth/token',

low line 265

External URL reference

SourceSKILL.md

265	callbackURL: 'https://example.com/auth/callback',

low line 695

External URL reference

SourceSKILL.md

695	curl -X PUT https://api.example.com/api/users/456 \

low line 701

External URL reference

SourceSKILL.md

701	curl https://api.example.com/api/orders/$i \

low line 907

External URL reference

SourceSKILL.md

907	const resetURL = `https://example.com/reset?token=${resetToken}`;

low line 972

External URL reference

SourceSKILL.md

972	curl -X POST https://example.com/api/login \

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedApril 4, 2026

openclaw backend security-engineer backend-developer devops-sre development

majiayu000/claude-skill-registry