auth_skill
- Shell
212
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill chachamaru127/claude-code-harness --skill auth- SKILL.md3.1 KB
Overview
This skill implements authentication and payment flows for JavaScript applications, with built-in support for Clerk, Supabase Auth, and Stripe. It focuses on secure login, session management, webhooks, and subscription/payment handling. Use it when you need production-ready auth or Stripe integration tied to business rules.
How this skill works
The skill first runs a mandatory security checklist and classifies the request as authentication or payment. It then references the appropriate implementation guidance and generates code, configuration, and instructions for Clerk, Supabase Auth, or Stripe as required. Webhook signature verification, server-side amount confirmation, and secure session handling are emphasized in generated output.
When to use it
- User asks to add login, signup, social login, or session management
- User requests payment processing, subscriptions, or Stripe integration
- Need secure webhook handling for Stripe events
- Implementing rate limiting, CSRF protection or hardened auth flows
- When storing credentials, tokens, or handling sensitive payment data
Best practices
- Always run the security checklist before starting implementation
- Hash passwords with bcrypt or argon2; never store raw passwords
- Do not store card numbers on your servers; use Stripe tokens or SDKs
- Verify webhook signatures and finalize amounts server-side
- Use HTTPOnly cookies for sessions and implement CSRF protection
Example use cases
- Add email/password signup and login using Supabase Auth with secure session cookies
- Integrate Stripe Checkout and server-side subscription creation with webhook verification
- Migrate authentication to Clerk while preserving existing session logic
- Implement rate limiting and lockout policies for failed login attempts
- Create a server endpoint that confirms invoice amounts before charging
FAQ
No. The skill enforces using Stripe or a payment provider SDK so sensitive card data never touches your servers.
What security checks run before work begins?
A mandatory checklist covering password hashing, session safety (HTTPOnly cookies), CSRF, rate limiting, webhook signature verification, and avoiding logging of secrets.