implementing-hardware-security-key-authentication
Implements FIDO2/WebAuthn hardware security key authentication for secure, passwordless access, enhancing user verification and security.
Install this skill
or
54/100
Security score
The implementing-hardware-security-key-authentication skill was audited on Jun 5, 2026 and we found 4 security issues across 2 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 121
Prompting for password/secret input
SourceSKILL.md
| 121 | - **Credential upgrade flow**: When a user authenticates with a password, prompt them to register a passkey. Present the WebAuthn registration dialog immediately after successful password login to min |
high line 184
Prompting for password/secret input
SourceSKILL.md
| 184 | 5. Maintain password login as a fallback during the rollout period, with a persistent prompt encouraging passkey setup after each password login |
high line 122
Access to system keychain/keyring
SourceSKILL.md
| 122 | - **Cross-device passkeys**: Support synced passkeys (passkeys stored in platform credential managers like iCloud Keychain, Google Password Manager, or 1Password) for users who do not have hardware se |
low line 71
External URL reference
SourceSKILL.md
| 71 | - **Define RP identity**: Create a `PublicKeyCredentialRpEntity` with the relying party name (display name shown to users) and RP ID (the effective domain of the application). The RP ID must be a regi |
Scanned on Jun 5, 2026
View Security Dashboard