auth-implementation-patterns
Master authentication and authorization patterns to build secure, scalable access control systems for APIs and applications.
84/100
Security score
The auth-implementation-patterns skill was audited on Mar 8, 2026 and we found 12 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 353
Template literal with variable interpolation in command context
Source: SKILL.md
| 353 | `${process.env.FRONTEND_URL}/auth/callback?token=${tokens.accessToken}`, |
low line 79
Access to .env file
Source: SKILL.md
| 79 | process.env.JWT_SECRET!, |
low line 85
Access to .env file
Source: SKILL.md
| 85 | process.env.JWT_REFRESH_SECRET!, |
low line 95
Access to .env file
Source: SKILL.md
| 95 | return jwt.verify(token, process.env.JWT_SECRET!) as JWTPayload; |
low line 156
Access to .env file
Source: SKILL.md
| 156 | payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET!) as { |
low line 185
Access to .env file
Source: SKILL.md
| 185 | process.env.JWT_SECRET!, |
low line 235
Access to .env file
Source: SKILL.md
| 235 | url: process.env.REDIS_URL, |
low line 242
Access to .env file
Source: SKILL.md
| 242 | secret: process.env.SESSION_SECRET!, |
low line 246
Access to .env file
Source: SKILL.md
| 246 | secure: process.env.NODE_ENV === "production", // HTTPS only |
low line 309
Access to .env file
Source: SKILL.md
| 309 | clientID: process.env.GOOGLE_CLIENT_ID!, |
low line 310
Access to .env file
Source: SKILL.md
| 310 | clientSecret: process.env.GOOGLE_CLIENT_SECRET!, |
low line 353
Access to .env file
Source: SKILL.md
| 353 | `${process.env.FRONTEND_URL}/auth/callback?token=${tokens.accessToken}`, |
Scanned on Mar 8, 2026
GitHub Stars: 30.6K
Category: development
Updated: April 10, 2026
openclaw, backend, api, backend-developer, security-engineer, devops-sre, product-manager, technical-pm, development, product
developer-essentials, wshobson/agents