validating-authentication-implementations

This skill enables Claude to validate authentication implementations against security best practices and industry standards. It analyzes various authentication methods, including JWT, OAuth, session-based authentication, and API keys. Use this skill when you need to perform an authentication security check, assess password policies, evaluate MFA implementation, or analyze session security. Trigger this skill with phrases like "validate authentication," "authentication check," or "authcheck."

1.07x

Quality

53%

Does it follow best practices?

Impact

83%

1.07x

Average score across 15 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/authentication-validator/skills/authentication-validator/SKILL.md

Evaluation results

91%

36%

JWT Authentication Security Review

JWT security report structure

Criteria

Without context

With context

Password security section

87%

100%

Session management section

33%

50%

Token security section

87%

100%

MFA section

100%

Account security section

100%

Signing algorithm check

41%

50%

Expiration claim check

100%

Audience/issuer validation check

100%

Short-lived token recommendation

100%

Refresh token rotation recommendation

25%

100%

bcrypt or Argon2 recommendation

100%

76%

11%

Session-Based Authentication Audit

Session cookie security checks

Criteria

Without context

With context

Password security section

16%

Session management section

66%

100%

Token/auth security section

50%

66%

MFA section

Account security section

33%

50%

HttpOnly attribute check

50%

100%

Secure attribute check

100%

SameSite attribute check

100%

Session fixation check

100%

CSRF vulnerability check

100%

MFA recommendation

100%

21%

Authentication Design Review for New User Service

Password hashing and token rotation

Criteria

Without context

With context

Password security section

100%

Session management section

40%

100%

Token security section

100%

MFA section

100%

Account security section

40%

100%

bcrypt recommendation

100%

Argon2 recommendation

100%

Salt generation note

100%

Short-lived token recommendation

100%

Refresh token rotation

100%

MFA recommendation

100%

No rotation in current impl

100%

61%

OAuth Integration Security Review

OAuth 2.0 authentication analysis

Criteria

Without context

With context

Password security section

40%

80%

Session management section

80%

100%

Token security section

87%

100%

MFA section

Account security section

20%

80%

State parameter check

100%

PKCE check

78%

100%

Redirect URI check

Implicit flow deprecation

100%

Short-lived token recommendation

22%

MFA recommendation

70%

-7%

API Security Assessment for Developer Platform

API key authentication analysis

Criteria

Without context

With context

Password security section

100%

Session management section

20%

Token security section

100%

MFA section

Account security section

100%

60%

Plaintext key storage

100%

Keys in URL parameters

100%

No key rotation

58%

16%

No scope restriction

100%

bcrypt or Argon2 recommendation

100%

MFA recommendation

88%

-11%

Authentication Hardening for Healthcare Portal

MFA and account security checks

Criteria

Without context

With context

Password security section

100%

Session management section

100%

Token security section

100%

MFA section

100%

Account security section

87%

100%

TOTP secret exposure

100%

MFA not enforced

100%

Username enumeration

100%

No account lockout

100%

bcrypt or Argon2 recommendation

100%

MFA enforcement recommendation

100%

90%

HealthConnect Portal Security Review

Hybrid session and JWT authentication analysis

Criteria

Without context

With context

Password security section

100%

Session management section

100%

Token security section

100%

MFA section

100%

Account security section

12%

37%

JWT signing algorithm

70%

50%

JWT expiration finding

100%

JWT audience/issuer finding

100%

Session HttpOnly finding

100%

Session Secure finding

100%

Refresh token recommendation

100%

ShopFlow Platform Authentication Audit

Legacy authentication security assessment

Criteria

Without context

With context

Password security section

100%

Session management section

100%

Token security section

100%

MFA section

100%

Account security section

100%

bcrypt or Argon2 recommendation

100%

Per-user salt recommendation

100%

Short-lived token recommendation

100%

Refresh token rotation

100%

MFA recommendation

100%

77%

DataBridge Partner API Security Review

OAuth and API key partner authentication validation

Criteria

Without context

With context

Password security section

Session management section

Token security section

40%

MFA section

Account security section

OAuth state parameter

100%

PKCE requirement

100%

Implicit flow deprecation

100%

Redirect URI wildcard finding

100%

API key URL exposure

100%

API key plaintext storage

100%

API key rotation

100%

API key scope restriction

100%

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 13d35b8

Evaluated: about 2 months ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

JWT Authentication Security Review Session-Based Authentication Audit Authentication Design Review for New User Service OAuth Integration Security Review API Security Assessment for Developer Platform Authentication Hardening for Healthcare Portal HealthConnect Portal Security Review ShopFlow Platform Authentication Audit DataBridge Partner API Security Review

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.