What security standards does this skill follow?

The skill follows OWASP Top 10 guidelines, specifically focusing on Broken Access Control and Identification and Authentication Failures.

Does it support custom password hashing?

It is programmed to enforce high-security standards like Argon2id and will flag weaker methods such as MD5, SHA-256, or bcrypt as P1 critical issues.

Which authentication libraries is it optimized for?

While it applies broadly to Node.js environments, it includes specific optimizations and patterns for better-auth and standard session management libraries.

Can it block deployments?

Yes, it is designed to trigger during pre-deployment operations and can block the process if critical P1 security violations are detected.

Auth Security Validator

Name: Auth Security Validator
Author: hirefrank

byhirefrank

•

Security & Testing

Validates authentication and session management configurations against OWASP security standards to prevent common vulnerabilities.

The Auth Security Validator is a specialized Claude Code skill designed to autonomously audit and enforce security best practices within your application's authentication layer. It monitors changes to authentication files and session configurations, performing real-time checks for critical issues like weak password hashing (enforcing Argon2id), insecure cookie settings, and insufficient CSRF protection. By integrating directly into the development workflow and pre-deployment phase, it ensures that your application remains compliant with OWASP guidelines and helps prevent security pitfalls before they reach production.

Key Features

01OWASP-compliant security auditing for password hashing and session management

022 GitHub stars

03Detailed security reporting with actionable remediation steps

04Real-time validation of cookie configurations (Secure, HttpOnly, SameSite)

05Automated detection of weak cryptographic algorithms and short session secrets

06Pre-deployment blocking for critical P1 security vulnerabilities

Use Cases

01Auditing session and cookie configurations during application migration

02Ensuring CSRF and rate-limiting protections are active before production deployment

03Preventing weak password storage by enforcing Argon2id implementation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hirefrank/hirefrank-marketplace auth-security-validator

For use in Claude.ai and ChatGPT

Download Skill