authentication
Facilitates comprehensive user authentication implementation, covering login, session management, OAuth, and access control.
Security score: 54/100
The authentication skill was audited on Feb 28, 2026 and we found 14 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
low line 359
Fetch to external URL
Source: SKILL.md
| 359 | fetch('/api/auth/me') |
low line 163
Access to .env file
Source: SKILL.md
| 163 | secure: process.env.NODE_ENV === 'production', |
low line 164
Access to .env file
Source: SKILL.md
| 164 | secrets: [process.env.SESSION_SECRET], |
low line 186
Access to .env file
Source: SKILL.md
| 186 | const payload = jwt.verify(token, process.env.JWT_SECRET!); |
medium line 274
Access to .env file
Source: SKILL.md
| 274 | **Expected Result:** Zero secrets found. All API keys, JWT secrets, and credentials must be in `.env` files. |
medium line 277
Access to .env file
Source: SKILL.md
| 277 | - Move to `.env` or `.env.local` |
medium line 278
Access to .env file
Source: SKILL.md
| 278 | - Use `process.env.VAR_NAME` to access |
medium line 288
Access to .env file
Source: SKILL.md
| 288 | **Expected Result:** All auth-related env vars documented in `.env.example` or README. |
low line 507
Access to .env file
Source: SKILL.md
| 507 | const payload = jwt.verify(token, process.env.JWT_SECRET!); |
medium line 548
Access to .env file
Source: SKILL.md
| 548 | - [ ] Environment variables documented in .env.example |
medium line 579
Access to .env file
Source: SKILL.md
| 579 | - Secret not in .env file |
medium line 583
Access to .env file
Source: SKILL.md
| 583 | 1. Move JWT_SECRET to .env: `JWT_SECRET=<random-256-bit-hex>` |
medium line 585
Access to .env file
Source: SKILL.md
| 585 | 3. Never commit .env to git |
low line 597
External URL reference
Source: SKILL.md
| 597 | 3. For local dev, use http://localhost:3000/api/auth/callback/google (example) |
Scanned on Feb 28, 2026
Install this skill with one command: /learn @mgd34msu/authentication
GitHub Stars: 4
Category: development
Updated: March 29, 2026
Tags: openclaw, backend, api, backend-developer, fullstack-developer, product-manager, technical-pm, devops-sre, development, product
mgd34msu/goodvibes-plugin