swarm-auth-mfa-agent
OfficialAudits authentication and MFA flows for gnubok.
Authorerp-mafia
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Auditors and security engineers need a structured, read-only lens into gnubok's authentication and authorization flows to identify MFA enforcement gaps, PKCE misconfigurations, API key handling weaknesses, and OAuth 2.1 integration issues across hosted and self-hosted deployments.
Core Features & Use Cases
- Read-only audit agent focused on authentication and authorization correctness.
- Sweeps across authentication surfaces: primary login, magic link, MFA enforcement, API keys, OAuth 2.1 for Claude Desktop MCP, cron-based access, and invite tokens.
- Environment flags handling to ensure MFA gating behavior is consistent across hosted vs self-hosted deployments.
- Files to sweep include lib/auth/, lib/supabase/middleware.ts, middleware.ts, app/login/, app/register/, app/reset-password/, app/mfa/enroll/, app/mfa/verify/, app/api/mcp-oauth/, app/invite/[token]/
- Security-focused checks for MFA enforcement, AAL verification, API key scope and rotation, PKCE verification, and invite token handling.
- Session management considerations and potential misconfigurations (cookie flags, revocation, and device awareness).
Quick Start
Run a read-only audit of gnubok's authentication surfaces to identify MFA bypass paths, AAL2 gaps, and API key/OAuth/token handling weaknesses.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: swarm-auth-mfa-agent Download link: https://github.com/erp-mafia/gnubok/archive/main.zip#swarm-auth-mfa-agent Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.