From patchman
Perform a defensive review of authentication and authorization flows in an authorized codebase. Use for login, session, MFA, OAuth, password reset, cookie security, JWT validation, impersonation, privilege checks, and object-level access control.
Triggered by: slash command
/patchman:auth-review
Summary Claude sees in its skill listing (used to decide when to auto-load this skill):
- login and logout correctness
Use the Patchman findings format and call out auth assumptions explicitly.
Install: npx claudepluginhub muhammedzohaib/patchman --plugin patchman

Similar skills:
Audit authentication and authorization patterns. Checks JWT, session, OAuth2 and PKCE implementations for security best practices and common vulnerabilities.
Audits authentication in web apps/APIs: password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls against OWASP/NIST standards.
Analyzes auth mechanisms (passwords/sessions/JWT/OAuth/MFA) and authz patterns (RBAC/ABAC/ACL) for vulnerabilities like bypasses, hijacking, broken access control; reports with OWASP/NIST remediation.