auth-auditor
Audit your authentication implementation for security flaws. Use when you need to verify your auth is actually secure.
Install
mkdir -p .claude/skills/auth-auditor && curl -L -o skill.zip "https://mcp.directory/api/skills/download/8465" && unzip -o skill.zip -d .claude/skills/auth-auditor && rm skill.zipInstalls to .claude/skills/auth-auditor
About this skill
Auth Auditor
You implemented auth. But did you do it right? This tool audits your authentication code for common security mistakes. Missing CSRF tokens, weak password hashing, insecure session management, JWT misuse. It checks all of it and tells you what needs fixing.
One command. Zero config. Just works.
Quick Start
npx ai-auth-check src/
What It Does
- Scans your auth implementation for security vulnerabilities
- Checks password hashing algorithms and salt usage
- Detects missing CSRF protection on state changing endpoints
- Finds insecure session configuration and JWT problems
- Reports issues with severity levels and specific fix instructions
Usage Examples
# Audit your entire auth system
npx ai-auth-check src/
# Check specific auth files
npx ai-auth-check src/auth/
# Scan middleware and route handlers
npx ai-auth-check src/middleware/ src/routes/
Best Practices
- Use bcrypt or argon2 for passwords - MD5 and SHA are not password hashing algorithms, no matter what that tutorial said
- Set httpOnly and secure flags on cookies - Missing these is one of the most common auth mistakes
- Rotate JWT secrets - Hardcoded secrets that never change are a ticking time bomb
- Rate limit login attempts - Without rate limiting, brute force attacks are trivial
When to Use This
- Before launching any app that handles user accounts
- After implementing a custom auth flow instead of using a library
- When migrating from one auth provider to another
- During security review of authentication related code
Part of the LXGIC Dev Toolkit
This is one of 110+ free developer tools built by LXGIC Studios. No paywalls, no sign-ups, no API keys on free tiers. Just tools that work.
Find more:
- GitHub: https://github.com/LXGIC-Studios
- Twitter: https://x.com/lxgicstudios
- Substack: https://lxgicstudios.substack.com
- Website: https://lxgic.dev
Requirements
No install needed. Just run with npx. Node.js 18+ recommended.
npx ai-auth-check --help
How It Works
The tool scans your source code for authentication patterns including login handlers, session management, password storage, and token generation. It analyzes these against security best practices and common vulnerability patterns, then uses AI to generate context-specific fix recommendations.
License
MIT. Free forever. Use it however you want.
More by openclaw
View all skills by openclaw →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Google GenAI ToolboxMCP Toolbox for Databases by Google. An open-source server that lets AI agents query Cloud SQL, Spanner, AlloyDB, and ot
Security AuditSecurity Audit analyzes Node.js dependencies for vulnerabilities using npm-audit-report, delivering actionable security
React Native Development GuideGet expert React Native software guidance with tools for component analysis, performance, debugging, and migration betwe
Authenticator AppSecurely access two-factor authentication codes and passwords with this advanced password manager for seamless login ass
arch-linux-mcpHigh-performance Arch Linux MCP server — Model Context Protocol implementation for lightweight, secure, and custom deplo
Okta MCP ServerOfficial Okta MCP server for managing identity and access management through AI. Automate user provisioning, group manag
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.