Browser Auth Flow
Skill Verifiziert AktivProbe a site's authentication flow for redirect leaks, missing CSRF, weak session cookies, and OAuth misconfiguration; produces an auth findings.md
To provide a thorough, automated security audit of web application authentication mechanisms before deployment or during security investigations.
Funktionen
- Probes for redirect leaks
- Detects missing CSRF tokens
- Analyzes session cookie security (Secure, HttpOnly, SameSite)
- Checks OAuth misconfigurations (state, nonce, redirect_uri)
- Generates a structured `findings.md` report
- Supports credential management via handles
Anwendungsfälle
- Performing pre-deployment security audits of new authentication flows.
- Investigating suspected token leaks or redirect vulnerabilities.
- Establishing a baseline for regression testing of authentication security.
- Validating the security posture of OAuth implementations.
Nicht-Ziele
- Exploiting vulnerabilities or chaining follow-up requests with captured tokens.
- Hardcoding credentials; requires vaulted handles or interactive entry.
- Performing full penetration testing beyond authentication flow analysis.
Practical Utility
- info:Usage examplesWhile the SKILL.md outlines the steps and probes, concrete end-to-end examples with input, invocation, and output are not explicitly provided.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add ruvnet/ruflo/plugin install ruflo-browser@rufloQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.
Janitor Tokens
100Zeigt an, wie viele Token im Kontextfenster jede Fähigkeit verbraucht. Verwenden Sie dies, wenn der Benutzer nach Token-Kosten, Budget, Kapazität oder nach Fähigkeiten fragt, die am meisten Kontextspeicherplatz verschwenden.
Janitor Report
100Umfassende Zustandsprüfung aller Ihrer Skills in einem Bericht. Verwenden Sie dies, wenn der Benutzer nach Fehlern suchen, Duplikate finden, defekte Skills erkennen oder eine vollständige Übersicht über den Zustand der Skills erhalten möchte.