Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

bobmatnyc/better-auth-core

Name: better-auth-core
Author: bobmatnyc

toolchains/platforms/auth/better-auth/better-auth-core/SKILL.md

npx skillsauth add bobmatnyc/claude-mpm-skills better-auth-core

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Better Auth Core (TypeScript)

Goals

Set up a Better Auth instance with environment variables and data layer wiring.
Wire server handlers and a client instance.
Use sessions and server-side API methods safely.
Keep data-layer choices pluggable (drivers or adapters).

Quick start

Install better-auth.
Set BETTER_AUTH_SECRET (32+ chars) and BETTER_AUTH_URL.
Create auth.ts and export auth.
Provide database (driver or adapter) or omit for stateless sessions.
Mount a handler (auth.handler or a framework helper).
Create a client with createAuthClient.

import { betterAuth } from "better-auth";

export const auth = betterAuth({
  database: myDatabaseOrAdapter, // driver or adapter; omit for stateless mode
  emailAndPassword: { enabled: true },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID as string,
      clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
    },
  },
});

Core setup checklist

Export the instance as auth (or default export) so helpers find it.
Keep BETTER_AUTH_URL in sync with the public base URL.
Pass the full base URL to the client if you change the /api/auth base path.
Add database migrations before enabling plugins that require tables.

Server API usage

Call server endpoints via auth.api.* with { body, headers, query }.
Use asResponse: true if you need a Response object.
Use returnHeaders: true to access Set-Cookie headers.

import { auth } from "./auth";

const session = await auth.api.getSession({
  headers: request.headers,
});

const response = await auth.api.signInEmail({
  body: { email, password },
  asResponse: true,
});

Session access

Client: authClient.useSession() or authClient.getSession().
Server: auth.api.getSession({ headers }).

TypeScript tips

Infer types with auth.$Infer and authClient.$Infer.
Use inferAdditionalFields on the client when you extend the user schema.

References

toolchains/platforms/auth/better-auth/better-auth-core/references/setup-database.md
toolchains/platforms/auth/better-auth/better-auth-core/references/client-server.md
toolchains/platforms/auth/better-auth/better-auth-core/references/typescript.md

bobmatnyc/better-auth-core

toolchains/platforms/auth/better-auth/better-auth-core/SKILL.md

Better Auth core setup for TypeScript apps. Use when configuring the Better Auth instance, wiring server handlers and client instances, working with sessions, or calling server-side auth APIs.

30 stars

tools

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add bobmatnyc/claude-mpm-skills better-auth-core

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 9:12 AM18.4s5 files scanned

SKILL.md

name:: better-auth-core
description:: Better Auth core setup for TypeScript apps. Use when configuring the Better Auth instance, wiring server handlers and client instances, working with sessions, or calling server-side auth APIs.
user-invocable:: false
disable-model-invocation:: true
summary:: Better Auth core setup for TypeScript apps. Use when configuring the Better Auth instance, wiring server handlers and client instances, working with sessions, or calling server-side auth APIs.
when_to_use:: When implementing authentication, authorization, or security.
quick_start:: 1. Review the core concepts below. 2. Apply patterns to your use case. 3. Follow best practices for implementation.

Better Auth Core (TypeScript)

Goals

Set up a Better Auth instance with environment variables and data layer wiring.
Wire server handlers and a client instance.
Use sessions and server-side API methods safely.
Keep data-layer choices pluggable (drivers or adapters).

Quick start

Install better-auth.
Set BETTER_AUTH_SECRET (32+ chars) and BETTER_AUTH_URL.
Create auth.ts and export auth.
Provide database (driver or adapter) or omit for stateless sessions.
Mount a handler (auth.handler or a framework helper).
Create a client with createAuthClient.

import { betterAuth } from "better-auth";

export const auth = betterAuth({
  database: myDatabaseOrAdapter, // driver or adapter; omit for stateless mode
  emailAndPassword: { enabled: true },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID as string,
      clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
    },
  },
});

Core setup checklist

Export the instance as auth (or default export) so helpers find it.
Keep BETTER_AUTH_URL in sync with the public base URL.
Pass the full base URL to the client if you change the /api/auth base path.
Add database migrations before enabling plugins that require tables.

Server API usage

Call server endpoints via auth.api.* with { body, headers, query }.
Use asResponse: true if you need a Response object.
Use returnHeaders: true to access Set-Cookie headers.

import { auth } from "./auth";

const session = await auth.api.getSession({
  headers: request.headers,
});

const response = await auth.api.signInEmail({
  body: { email, password },
  asResponse: true,
});

Session access

Client: authClient.useSession() or authClient.getSession().
Server: auth.api.getSession({ headers }).

TypeScript tips

Infer types with auth.$Infer and authClient.$Infer.
Use inferAdditionalFields on the client when you extend the user schema.

References

toolchains/platforms/auth/better-auth/better-auth-core/references/setup-database.md
toolchains/platforms/auth/better-auth/better-auth-core/references/client-server.md
toolchains/platforms/auth/better-auth/better-auth-core/references/typescript.md

Related Skills

bobmatnyc/axum

development

VerifiedTrustedCommunity

Axum (Rust) web framework patterns for production APIs: routers/extractors, state, middleware, error handling, tracing, graceful shutdown, and testing

53SKILL.mdUpdated May 19, 2026

bobmatnyc/web-performance-optimization

development

VerifiedTrustedCommunity

Optimize web performance using Core Web Vitals, modern patterns (View Transitions, Speculation Rules), and framework-specific techniques

49SKILL.mdUpdated May 30, 2026

bobmatnyc/web-performance-optimization

bobmatnyc/api-documentation

development

VerifiedTrustedCommunity

Best practices for documenting APIs and code interfaces, eliminating redundant documentation guidance per agent.

49SKILL.mdUpdated May 30, 2026

bobmatnyc/api-documentation

bobmatnyc/api-design-patterns

development

VerifiedTrustedCommunity

Comprehensive API design patterns covering REST, GraphQL, gRPC, versioning, authentication, and modern API best practices

49SKILL.mdUpdated May 30, 2026

bobmatnyc/api-design-patterns

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/bobmatnyc/claude-mpm-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-mpm-skills/toolchains/platforms/auth/better-auth/better-auth-core ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

bobmatnyc/claude-mpm-skills

30 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT