auth-sec
Entry P1 category router for authentication and authorization. Use when testing login flows, sessions, object authorization, JWT, OAuth, CORS, CSRF, and enterprise SSO weaknesses before any deeper auth topic skill.
How do I install this agent skill?
npx skills add https://github.com/yaklang/hack-skills --skill auth-secIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill serves as a navigational entry point for authentication and authorization security testing topics. It is a documentation-only resource with no executable code.
- Socketpass
No alerts
- Snykpass
Risk: LOW · No issues
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
Authentication and Authorization Router
This is the routing entry point for authentication, sessions, and authorization boundaries.
Use it to decide whether the issue is mainly login mechanics, object-level authorization, browser trust boundaries, or identity protocols such as OAuth/JWT/SAML before going deeper.
When to Use
- The target includes login, registration, password reset, 2FA, sessions, JWT, OAuth, or SSO
- You suspect object authorization flaws, cross-tenant access, cross-origin reads, CSRF, or protocol misconfiguration
- You need to decide whether to test authentication or authorization first
Skill Map
- Authentication Bypass: login bypass, password reset, 2FA, enumeration, brute-force protections
- IDOR Broken Object Authorization: IDOR, BOLA, BFLA, missing object permissions
- JWT OAuth Token Attacks: algorithm confusion, key trust issues, claim abuse, token forgery
- OAuth OIDC Misconfiguration: redirect URI, state, nonce, PKCE, account binding
- CSRF Cross Site Request Forgery: CSRF tokens, SameSite, JSON CSRF, login CSRF
- CORS Cross Origin Misconfiguration: reflected Origin, credentialed cross-origin reads, allowlist bypass
- SAML SSO Assertion Attacks: assertion wrapping, signature validation, audience, ACS boundaries
Recommended Flow
- First confirm the authentication model and session boundaries
- Then confirm object-level and function-level authorization
- Then move to token, cross-origin, and protocol details
- If enterprise federation exists, continue with OAuth, OIDC, or SAML topics
Related Categories
- api-sec
- Default credentials, username variants, wordlist sizing, and port focus are consolidated in authbypass-authentication-flaws
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/yaklang/hack-skills/auth-sec">View auth-sec on skillZs</a>