kb-security

Official

Harden NextAuth with portable auth & validation

Author: TimeKast
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps prevent common authentication and authorization vulnerabilities in NextAuth.js v5 + Next.js 16+ apps by providing portable, defense-in-depth patterns for session verification, RBAC modeling, input validation, and high-risk flows such as password reset.

Core Features & Use Cases

  • Defense-in-depth authorization: Enforces access control at every layer (the middleware/authorized() callback, page and server-component checks, and server-action verification) so that bypassing any single layer does not grant access.
  • Portable RBAC matrix modeling: Defines roles and permissions as a roles × actions matrix with default-deny (an unlisted role/action pair is denied) and explicit-deny (a deny cell overrides any allow) semantics, eliminating ambiguous logic and drift between layers.
  • Zod validation at every boundary: Requires schema parsing of API request bodies and server-action inputs so malformed or malicious data is rejected before it reaches business logic.
  • Attack prevention playbook: Covers SQL injection avoidance (parameterized or ORM queries), XSS-safe rendering and sanitization, and CSRF protection for custom mutating routes, which sit outside the endpoints NextAuth protects with its own CSRF token.
  • Password reset hardening: Provides anti-enumeration responses, hashed (never plaintext) reset-token storage, one-time token consumption, invalidation of existing sessions after a successful reset, and rate-limiting guidance.
  • Server-only env hygiene: Reduces accidental secret leakage by enforcing server-only module boundaries, so secrets never reach client bundles, and by validating required environment variables at startup.
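
The roles × actions matrix and the layered check it feeds, as an added example rather than code from kb-security or the AgendaInteligente repository. The role names, action names, route prefixes and the deletePostAction body are assumed for illustration; the point is that one can() decision is reused by the route-level check, the page-level guard and the server action, with default-deny for unlisted pairs and explicit deny beating any allow.

```typescript
// Added example, not kb-security's own code. Roles x actions matrix with
// default-deny (no cell => false) and explicit-deny (a "deny" cell beats any
// "allow" the user gets from another role). The same can() is called at every
// layer so that no single bypassed layer grants access.
// Role names, action names and route prefixes are assumed for illustration.

type Role = "admin" | "editor" | "viewer";
type Action = "post:read" | "post:write" | "post:delete" | "user:manage";
type Decision = "allow" | "deny";

const MATRIX: Record<Role, Partial<Record<Action, Decision>>> = {
  admin: { "post:read": "allow", "post:write": "allow", "post:delete": "allow", "user:manage": "allow" },
  editor: { "post:read": "allow", "post:write": "allow", "post:delete": "deny" },
  viewer: { "post:read": "allow" },
};

interface SessionUser {
  id: string;
  roles: Role[];
}

// Single policy decision point. Unauthenticated or role-less users are denied,
// and a role name that is not in the matrix (e.g. from a tampered token)
// contributes nothing, so it cannot allow anything.
function can(user: SessionUser | null | undefined, action: Action): boolean {
  if (!user || user.roles.length === 0) return false;
  let allowed = false;
  for (const role of user.roles) {
    const decision = MATRIX[role]?.[action];
    if (decision === "deny") return false; // explicit deny wins, stop immediately
    if (decision === "allow") allowed = true;
  }
  return allowed; // default-deny: nothing matched => false
}

// Layer 1: coarse route-level check of the kind an authorized() callback or
// middleware performs. Unmatched paths are treated as public here, so the
// finer layers below must still run their own checks.
const ROUTE_ACTIONS: Array<[string, Action]> = [
  ["/admin", "user:manage"],
  ["/posts/edit", "post:write"], // more specific prefix listed first
  ["/posts", "post:read"],
];

function authorizedForPath(user: SessionUser | null, pathname: string): boolean {
  const match = ROUTE_ACTIONS.find(
    ([prefix]) => pathname === prefix || pathname.startsWith(prefix + "/"),
  );
  return match ? can(user, match[1]) : true;
}

// Layers 2 and 3: page or server-action guard that re-verifies the session
// instead of trusting that middleware already ran.
function requirePermission(user: SessionUser | null, action: Action): void {
  if (!can(user, action)) throw new Error(`forbidden: ${action}`);
}

// A server-action body as it would use the guard (the delete itself is simulated).
function deletePostAction(user: SessionUser | null, postId: string): { deleted: string } {
  requirePermission(user, "post:delete");
  return { deleted: postId };
}
```

In a real app the SessionUser comes from auth() on the server side, never from a client-supplied field, and the matrix lives in one shared module so the middleware and the actions cannot drift apart.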

Quick Start

Use kb-security to review your NextAuth configuration and add Zod-validated permission checks plus a secure password-reset flow that avoids enumeration, hashes reset tokens, and enforces rate limits.
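
The password-reset flow the Quick Start refers to, written out as an added example (not code from kb-security or the AgendaInteligente repository). It uses only Node's built-in crypto module: the Maps are constructed stand-ins for the database and the rate limiter, the regex stands in for the Zod schema the skill would put at the boundary, and the 15-minute token expiry is an assumption the listing does not mention. What it shows is the combination the skill describes: one generic reply for known, unknown and rate-limited addresses, only a hash of the token stored, single use, and invalidation of every existing session once the reset succeeds.

```typescript
import { createHash, randomBytes, scryptSync } from "node:crypto";

// Added example, not kb-security's own code. In-memory stand-ins for the
// user table, reset-token table and rate limiter; all sample data is
// constructed. Token TTL is an assumption not stated on the listing.

interface User { id: string; email: string; passwordHash: string; sessionVersion: number }
interface ResetRecord { userId: string; expiresAt: number; usedAt: number | null }
interface Session { userId: string; sessionVersion: number }

const TOKEN_TTL_MS = 15 * 60 * 1000;
const RATE_LIMIT = { max: 3, windowMs: 60 * 60 * 1000 };
const GENERIC_REPLY = "If that address is registered, a reset link has been sent.";

function sha256(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

// Salted scrypt for the stored password; a per-user random salt is kept with the hash.
function hashPassword(password: string): string {
  const salt = randomBytes(16).toString("hex");
  return `${salt}:${scryptSync(password, salt, 64).toString("hex")}`;
}

const usersById = new Map<string, User>([
  ["u1", { id: "u1", email: "alice@example.com", passwordHash: hashPassword("old-password"), sessionVersion: 1 }],
]);
const resetsByTokenHash = new Map<string, ResetRecord>(); // only hashes, never raw tokens
const requestLog = new Map<string, number[]>(); // normalized email -> request timestamps

function findUserByEmail(email: string): User | undefined {
  for (const u of usersById.values()) if (u.email === email) return u;
  return undefined;
}

// Sliding-window limiter keyed by the submitted address, applied before the
// user lookup so repeated probing of one address is cut off early.
function isRateLimited(key: string, now: number): boolean {
  const recent = (requestLog.get(key) ?? []).filter((t) => now - t < RATE_LIMIT.windowMs);
  requestLog.set(key, [...recent, now]);
  return recent.length >= RATE_LIMIT.max;
}

// Step 1: request a reset. The caller sees the same message whether the
// address exists, is unknown, is malformed, or is rate limited. rawToken is
// returned only so a mailer can deliver it; it is never stored.
function requestReset(rawEmail: string, now: number = Date.now()): { message: string; rawToken?: string } {
  const email = rawEmail.trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) return { message: GENERIC_REPLY };
  if (isRateLimited(email, now)) return { message: GENERIC_REPLY };
  const user = findUserByEmail(email);
  if (!user) return { message: GENERIC_REPLY };
  const rawToken = randomBytes(32).toString("base64url");
  resetsByTokenHash.set(sha256(rawToken), { userId: user.id, expiresAt: now + TOKEN_TTL_MS, usedAt: null });
  return { message: GENERIC_REPLY, rawToken };
}

// Step 2: consume the token. Lookup is by hash, so a leaked reset table does
// not yield usable tokens. Expired or already-used tokens are rejected, and a
// successful reset bumps sessionVersion so older sessions stop validating.
function consumeReset(rawToken: string, newPassword: string, now: number = Date.now()): boolean {
  const record = resetsByTokenHash.get(sha256(rawToken));
  if (!record || record.usedAt !== null || record.expiresAt <= now) return false;
  const user = usersById.get(record.userId);
  if (!user) return false;
  record.usedAt = now; // one-time consumption
  user.passwordHash = hashPassword(newPassword);
  user.sessionVersion += 1; // invalidates every session issued before the reset
  return true;
}

// Check the auth layer performs on every request: a session whose version no
// longer matches the user's current version is treated as logged out.
function isSessionValid(session: Session): boolean {
  const user = usersById.get(session.userId);
  return !!user && user.sessionVersion === session.sessionVersion;
}
```

Two things the in-memory version glosses over: the handler's latency still differs between a known and an unknown address, so in production the mail send should be queued rather than awaited to keep response timing uniform, and the per-address limiter should be paired with a per-IP one so a single client cannot exhaust the window for many addresses.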

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: kb-security
Download link: https://github.com/TimeKast/AgendaInteligente/archive/main.zip#kb-security

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.