
oauth2-flow-helper

Oauth2 Flow Helper - Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper. Part of the Security Fundamentals skill category.


Quality: 3% (Does it follow best practices?)

Impact: 90% (1.00x; average score across 3 eval scenarios)

Security (by Snyk): Passed - no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/oauth2-flow-helper/SKILL.md

Evaluation results

Scenario 1 (96% · 2%): OAuth2 Login Integration for a Single-Page Application
Evaluation: OAuth2 PKCE Authorization Code Flow

Criteria                        Without context   With context
PKCE code verifier              100%              100%
PKCE code challenge             100%              100%
State parameter                 100%              100%
State validation                100%              100%
No token in URL                 100%              100%
Secure token storage            100%              100%
No hardcoded secrets            100%              100%
Step-by-step walkthrough        100%              100%
Vulnerability identification    100%              100%
Redirect URI validation note    0%                33%
Uses Web Crypto API             100%              100%

Without context: $0.5301 · 3m 4s · 21 turns · 22 in / 10,492 out tokens

With context: $0.5927 · 3m 14s · 25 turns · 24 in / 11,107 out tokens

Scenario 2 (84% · -2%): OAuth2 Callback Handler for a Backend Service
Evaluation: OAuth2 Callback Input Validation

Criteria                                   Without context   With context
State param validation                     100%              100%
Error param handling                       100%              100%
Auth code format check                     100%              100%
Redirect URI whitelist                     50%               33%
Validation separate from business logic    100%              100%
At least 5 test cases                      100%              100%
CSRF test case                             100%              100%
Scope validation                           0%                0%
Validation rules document                  100%              100%
No secret in code                          100%              100%
Production-ready error responses           100%              100%

Without context: $0.6339 · 2m 48s · 25 turns · 25 in / 10,706 out tokens

With context: $0.8103 · 3m · 37 turns · 36 in / 11,054 out tokens

Scenario 3 (92%): OAuth2 Security Audit and Remediation
Evaluation: OAuth2 Vulnerability Detection and Remediation

Criteria                          Without context   With context
Weak state entropy                100%              100%
Missing state validation          100%              100%
SSL verification disabled         100%              100%
Open redirect vulnerability       100%              100%
Missing error parameter check     0%                0%
Severity ratings present          100%              100%
Standards references              100%              100%
Attack scenario descriptions      100%              100%
Fixed code is functional          100%              100%
Before/after remediation          100%              100%
Token storage not logged          100%              100%
Identifies 4+ vulnerabilities     100%              100%

Without context: $0.3512 · 2m 11s · 12 turns · 13 in / 7,993 out tokens

With context: $0.5504 · 2m 31s · 24 turns · 22 in / 9,323 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
