auth-patterns
v1.0.0
Authentication and authorization patterns — JWT, OAuth 2.0, sessions, RBAC/ABAC, password security, MFA, and vulnerability prevention. Use when implementing login flows, protecting routes, managing tokens, or auditing auth security.
by @wpank
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe auth patterns and the skill contains only prose, diagrams, and code examples relevant to JWT, OAuth2, sessions, RBAC/ABAC, password hashing, MFA, and related topics. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md contains prescriptive guidance, patterns, and example snippets for implementing auth; it does not instruct the agent to read arbitrary files, access environment variables, or transmit data to external endpoints. The guidance is scoped to auth topics.
Install Mechanism
No install spec is provided and there are no code files to execute. README contains example manual install commands (copying local paths) and an 'npx add' example pointing to a GitHub tree, but those are documentation only — the skill itself will not download or extract code at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional for a documentation/instruction-only skill. The SKILL.md does not reference hidden credentials.
Persistence & Privilege
Flags use platform defaults (always: false, model invocation enabled). The skill does not request permanent presence or attempt to modify other skills or system-wide settings.
Assessment
This skill is instruction-only and internally consistent with its stated purpose — it provides patterns and example code for auth flows without requesting credentials or installing code. Before using: (1) verify the author/source if you plan to copy example code into production (source/homepage unknown), (2) review and test any pasted code (especially token storage and cookie/CORS settings) in your environment, and (3) prefer official libraries and audited implementations for crypto, token handling, and session stores rather than rolling your own based solely on examples here. If you plan to follow the README's npx/copy instructions, inspect the remote repository contents first rather than blindly running install commands.
Like a lobster shell, security has layers — review code before you run it.
