auth
Build secure authentication with sessions, JWT, OAuth, passwordless, MFA, and SSO for web and mobile apps.
Install via ClawdBot CLI:
clawdbot install ivangdavila/auth
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
Send → https://app.com/reset?token=<token
Calls external URL not in known-safe list
https://clawic.com/skills/auth
Uses known external API (expected, informational)
api.github.com
AI Analysis
The skill is explicitly documented as a reference guide containing only example code and patterns, with clear disclaimers that it does not execute code, make network requests, or access credentials. The flagged external URLs are either the skill's homepage or example placeholders within instructional code snippets, not operational endpoints.
Generated Mar 1, 2026
A retail website needs secure user login with sessions and cookies for traditional web browsing, plus social login options like OAuth with Google or Facebook to reduce signup friction. It must handle password security with bcrypt and implement MFA for high-value transactions to prevent account takeover.
A financial app requires JWT-based authentication for stateless API calls, short-lived tokens for security, and refresh tokens for offline access. It should include MFA via authenticator apps to avoid SMS vulnerabilities and audit logging for compliance without storing sensitive data like passwords.
A patient portal uses SSO with OIDC for enterprise integration across clinics, ensuring centralized identity management. It enforces strict session management with secure cookies and requires re-authentication for sensitive operations like viewing medical records, following HIPAA guidelines.
A B2B software service implements JWT for scalable microservices, with rate limiting and CAPTCHA on login to prevent brute force attacks. It offers passwordless email login options and logs all authentication events except secrets to monitor for suspicious activity.
Companies charge monthly or annual fees for access to software, requiring robust authentication to protect user data and prevent unauthorized access. This model benefits from JWT for stateless scaling and social login to streamline user onboarding and retention.
Platforms facilitate transactions between buyers and sellers, relying on secure authentication to build trust and prevent fraud. Sessions with cookies enhance user experience for web shoppers, while MFA and audit logging help secure financial transactions and comply with regulations.
Firms provide specialized tools or consulting to other businesses, often using SSO for seamless integration with client systems. Authentication strategies like OIDC support centralized management, and defense-in-depth measures like rate limiting protect against attacks on sensitive corporate data.
💬 Integration Tip
Use this skill as a reference when adapting its code examples to your project: replace placeholders like SECRET with actual environment variables, and use established libraries for crypto instead of custom solutions.
Scored Apr 19, 2026
Audited Apr 16, 2026 · audit v1.0
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Set up Gmail API access via gog CLI with manual OAuth flow. Use when setting up Gmail integration, renewing expired OAuth tokens, or troubleshooting Gmail authentication on headless servers.
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features:
- Auto-detect available OAuth options on login pages
- Ask user to choose via Telegram when multiple options exist
- Confirm before authorizing
- Handle account selection and consent pages automatically
Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js. Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits, Expo crashes, additionalFields bugs.
Zoho People API integration with managed OAuth. Manage employees, departments, designations, attendance, and leave. Use this skill when users want to read, create, update, or query HR data like employees, departments, designations, and forms in Zoho People. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.