andrem-sec/jwt-algorithm-confusion-prevention
.claude/skills/learned/example-jwt-validation/SKILL.md
Prevent algorithm confusion attacks when validating JWTs — RS256 tokens accepted as HS256
$ install --global
skillsauthnpx skillsauth add andrem-sec/psc-comet jwt-algorithm-confusion-preventionInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:49 PM2.1s1 file scanned
SKILL.md
- name:
- jwt-algorithm-confusion-prevention
- description:
- Verify the library rejects the "none" algorithm
- version:
- 0.1.0
- level:
- 2
- context_files:
- []
- - name:
- Check None Algorithm Rejection
JWT Algorithm Confusion Prevention
Note: This is an example learned skill showing the format. Replace it with skills captured from your actual codebase using the learner skill.
The Insight
JWT libraries that accept any algorithm will validate an RS256-signed token as HS256 if you use the public RSA key as the HMAC secret. The attacker signs a token with the public key using HS256 — the library accepts it because the signature is valid under HS256 with that key. This is not a theoretical attack.
Why This Matters
The symptom that brings you here: authentication bypass with valid-looking tokens. No error in logs. The token passes signature verification. The bug is invisible unless you know to look for it.
Recognition Pattern
This skill applies when:
- Using a JWT library that does not enforce algorithm on verify
- The verification function accepts an algorithm parameter at call time rather than configuration time
- RS256 (asymmetric) tokens are in use and the public key is accessible
The Approach
Explicit algorithm allowlist at configuration time, not call time.
Wrong — algorithm from token header trusted:
jwt.decode(token, key) # uses alg from token header
Right — algorithm enforced by verifier:
jwt.decode(token, key, algorithms=["RS256"]) # rejects anything else
Also verify:
"none"algorithm is explicitly rejected (not just "not in the list" — some libraries require explicit rejection)- The key type matches the algorithm — if RS256, the key must be an RSA public key object, not a string
Mandatory Checklist
- Verify the algorithm is specified at the call site or configuration, not inferred from the token header
- Verify
"none"algorithm is explicitly rejected - Verify the key type is validated to match the expected algorithm
- Verify this check exists on every code path that processes JWTs, not just the main one
Related Skills
andrem-sec/batch
data-ai
VerifiedTrustedCommunity
Parallel agent swarm — decomposes work into independent units, spawns isolated workers, tracks PRs via fan-in
1SKILL.mdUpdated Apr 16, 2026
andrem-sec/animation-safe
testing
VerifiedTrustedCommunity
Audit animations and transitions for motion accessibility, performance safety, and design intent. Enforces prefers-reduced-motion compliance and blocks layout-triggering transitions.
1SKILL.mdUpdated Apr 16, 2026
andrem-sec/ai-regression-testing
testing
VerifiedTrustedCommunity
Test specifically for AI-introduced regressions that repeat without tests
1SKILL.mdUpdated Apr 16, 2026
andrem-sec/agentic-engineering
development
VerifiedTrustedCommunity
Framework for decomposing agent-driven tasks into independently verifiable units
1SKILL.mdUpdated Apr 16, 2026