Skip to main content
Ejecuta cualquier Skill en Manus
con un clic

jwt-vulnerabilities

Estrellas2
Forks1
Actualizado9 de julio de 2026 a las 12:42

SAST detection methodology for JWT/JWS verification flaws (CWE-347, CWE-345), including alg:none acceptance, HS/RS algorithm confusion, weak HMAC secrets, attacker-supplied keys via jwk/jku/x5u, kid header injection (path traversal / SQLi / command injection), missing exp/nbf/aud/iss validation, decode-without- verify, unpinned algorithms, and sensitive data in the payload. Use when reviewing code that issues or validates JSON Web Tokens. Writes confirmed findings to findings/22-jwt-vulnerabilities.md.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

SKILL.md
readonly