jwt-misuse-anti-pattern
CommunitySecure JWTs, prevent auth bypass.
Authorigbuend
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses critical security vulnerabilities arising from the improper use of JSON Web Tokens (JWTs), preventing authentication bypass, token forgery, and sensitive data exposure in AI-generated code.
Core Features & Use Cases
- Detects Algorithm Confusion: Identifies and helps fix vulnerabilities where JWT libraries accept insecure algorithms like "none".
- Enforces Strong Secrets: Guides users to use robust, securely managed secrets for symmetric signing.
- Prevents Sensitive Data Exposure: Warns against including Personally Identifiable Information (PII) or other sensitive data in JWT payloads.
- Ensures Expiration: Promotes the use of expiration claims (
exp) to limit token validity. - Use Case: When reviewing code that handles user authentication via JWTs, this skill will flag insecure practices like using weak secrets or not specifying algorithms, and provide secure alternatives.
Quick Start
Review the attached code snippet for JWT misuse vulnerabilities.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jwt-misuse-anti-pattern Download link: https://github.com/igbuend/grimbard/archive/main.zip#jwt-misuse-anti-pattern Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.