jwt-attack-surface
Community
Audit JWTs for vulnerabilities and misconfig
Software Engineering
#authentication #vulnerability #jwt #web-security #security-audit #token-validation #algorithm-confusion
Author: MAF2414
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
JWT-based authentication is common but often misconfigured, leading to vulnerabilities such as algorithm confusion, weak secrets, missing expiration/claims validation, and insecure token handling.
Core Features & Use Cases
- Algorithm Confusion vulnerabilities and misconfigurations (e.g., accepting multiple algorithms or 'alg=none').
- Weak Secrets and the need for cryptographically strong, long secrets.
- Missing Validation of exp, iss, aud, and signature checks.
- Token Handling best practices for storage, transmission, and revocation across services.
- Use Case: security review of microservices and APIs relying on JWTs to verify integrity and authenticity.
Quick Start
Provide a JWT security review of your authentication flow to surface algorithm vulnerabilities, weak secrets, and missing validations.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: jwt-attack-surface
Download link: https://github.com/MAF2414/kyco/archive/main.zip#jwt-attack-surface
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.