auth_skill

This skill implements authentication and payments using Clerk, Supabase Auth, and Stripe, guiding secure login flows and subscription handling.
  • Shell

212

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill chachamaru127/claude-code-harness --skill auth

  • SKILL.md3.1 KB

Overview

This skill implements authentication and payment flows for JavaScript applications, with built-in support for Clerk, Supabase Auth, and Stripe. It focuses on secure login, session management, webhooks, and subscription/payment handling. Use it when you need production-ready auth or Stripe integration tied to business rules.

How this skill works

The skill first runs a mandatory security checklist and classifies the request as authentication or payment. It then references the appropriate implementation guidance and generates code, configuration, and instructions for Clerk, Supabase Auth, or Stripe as required. Webhook signature verification, server-side amount confirmation, and secure session handling are emphasized in generated output.

When to use it

  • User asks to add login, signup, social login, or session management
  • User requests payment processing, subscriptions, or Stripe integration
  • Need secure webhook handling for Stripe events
  • Implementing rate limiting, CSRF protection or hardened auth flows
  • When storing credentials, tokens, or handling sensitive payment data

Best practices

  • Always run the security checklist before starting implementation
  • Hash passwords with bcrypt or argon2; never store raw passwords
  • Do not store card numbers on your servers; use Stripe tokens or SDKs
  • Verify webhook signatures and finalize amounts server-side
  • Use HTTPOnly cookies for sessions and implement CSRF protection

Example use cases

  • Add email/password signup and login using Supabase Auth with secure session cookies
  • Integrate Stripe Checkout and server-side subscription creation with webhook verification
  • Migrate authentication to Clerk while preserving existing session logic
  • Implement rate limiting and lockout policies for failed login attempts
  • Create a server endpoint that confirms invoice amounts before charging

FAQ

No. The skill enforces using Stripe or a payment provider SDK so sensitive card data never touches your servers.

What security checks run before work begins?

A mandatory checklist covering password hashing, session safety (HTTPOnly cookies), CSRF, rate limiting, webhook signature verification, and avoiding logging of secrets.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
auth skill by chachamaru127/claude-code-harness | VeilStrat