Category: Other (no API key required)

Oauth Security Checker

Detects OAuth 2.0 security weaknesses in web applications, covering redirect URIs, the state parameter, PKCE, the token endpoint, scopes, and authorization server details.

Author: snipercat69hubclawhub

OAuth Security Checker

Skill Name: oauth-security-checker
Version: 1.0.0
Category: Security / Vulnerability Assessment
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Linux


What It Does

Detects OAuth 2.0 misconfigurations, security flaws, and authorization issues in web applications. Checks redirect URI validation, token endpoint security, scope permissions, PKCE support, state parameter integrity, and more.

⚠️ Legal Notice: Only test OAuth integrations you own or have explicit written authorization to audit.


Features

  • Redirect URI validation — tests for localhost, null, and wildcard misconfigs
  • State parameter check — detects missing or weak CSRF protection
  • PKCE support detection — identifies apps missing code challenge
  • Token endpoint security — checks TLS, token format, expiration
  • Scope analysis — flags overly broad permissions
  • Implicit flow detection — warns about bearer token exposure
  • Authorization server fingerprinting — identifies provider and version
  • JSON export — structured results for reporting

Tier Comparison

| Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo) |
|---------|------|----------------|--------------------------|
| Redirect URI checks | ✅ (5 URIs) | ✅ (unlimited) | ✅ (unlimited) |
| State parameter test | ✅ | ✅ | ✅ |
| PKCE detection | ✅ | ✅ | ✅ |
| Token endpoint analysis | ✅ | ✅ | ✅ |
| Scope permission analysis | ✅ | ✅ | ✅ |
| Full OAuth provider fingerprint | ✅ | ✅ | ✅ |
| JSON export | ✅ | ✅ | ✅ |


Installation

cp -r /home/guy/.openclaw/workspace/apps/oauth-security-checker ~/.openclaw/skills/oauth-security-checker

Usage

Basic scan (free tier)

python3 oauth_checker.py --url "https://example.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=https://example.com/callback&response_type=code&scope=read"

Pro scan with full analysis

EDGEIQ_EMAIL=your_email@gmail.com python3 oauth_checker.py \
  --url "https://example.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=https://example.com/callback&response_type=code&scope=read write" \
  --pro

JSON report output

EDGEIQ_EMAIL=your_email@gmail.com python3 oauth_checker.py \
  --url "https://example.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=https://example.com/callback&response_type=code" \
  --bundle --output oauth-report.json

As OpenClaw Discord Command

In the #edgeiq-support channel:

!oauth https://example.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=https://example.com/callback&response_type=code&scope=read
!oauth https://example.com/oauth/authorize?client_id=YOUR_ID --pro

Parameters

| Flag | Type | Default | Description |
|------|------|---------|-------------|
| --url | string | — | Authorization URL with query params |
| --pro | flag | False | Enable Pro features |
| --bundle | flag | False | Enable Bundle features |
| --output | string | — | Write JSON report to file |
| --timeout | int | 10 | Request timeout (seconds) |


Output Example

=== OAuth Security Checker ===
Target: https://example.com/oauth/authorize

  🔴 CRITICAL: Redirect URI allows localhost
    Pattern: https://localhost/callback
    Risk: Attacker can intercept authorization codes

  🟡 WARNING: State parameter not detected
    Risk: CSRF attack possible via authorization hijacking

  ✔ OK: PKCE is supported
    Challenge method: S256

  ✔ OK: Token endpoint requires TLS
    Version: TLS 1.2+

  🟡 INFO: Scopes detected: read, write, admin
    Warning: 'admin' scope is overly broad

  Threat Level: HIGH — 2 issues found
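To make the checks in the feature list concrete, here is an added stdlib-only Python audit of a single authorization URL that flags the same classes of issue shown in the output above (redirect URI, state, PKCE, implicit flow, broad scopes). It is an illustrative example, not the skill's own oauth_checker.py; the broad-scope list, the 16-character state threshold and the severity mapping are assumptions.

```python
# Added example (not the OAuth Security Checker's code): audit one OAuth 2.0
# authorization request URL for the misconfigurations the tool's features list.
from urllib.parse import urlparse, parse_qs

# Assumed list of scope names considered overly broad (constructed for this example).
BROAD_SCOPES = {"admin", "*", "root", "full_access"}


def audit_authorize_url(url):
    """Return a list of (severity, message) findings for an authorization URL."""
    findings = []
    parsed = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parsed.query).items()}

    if parsed.scheme != "https":
        findings.append(("CRITICAL", "Authorization endpoint is not served over TLS"))

    # Redirect URI: localhost, non-TLS and wildcard patterns let codes leak.
    redirect = q.get("redirect_uri", "")
    r = urlparse(redirect)
    if not redirect:
        findings.append(("WARNING", "No redirect_uri in request; server default will be used"))
    elif r.hostname in ("localhost", "127.0.0.1") or r.scheme != "https":
        findings.append(("CRITICAL", f"Redirect URI is localhost or non-TLS: {redirect}"))
    elif "*" in redirect:
        findings.append(("CRITICAL", f"Redirect URI contains a wildcard: {redirect}"))

    # State: binds the callback to the session that started the flow (CSRF defence).
    if "state" not in q:
        findings.append(("WARNING", "State parameter not detected (no CSRF binding)"))
    elif len(q["state"]) < 16:  # assumed minimum length for a non-guessable value
        findings.append(("WARNING", "State parameter is short; may be guessable"))

    # Flow type and PKCE: implicit flow puts the token in the URL fragment;
    # code flow without code_challenge is open to code interception.
    if q.get("response_type") == "token":
        findings.append(("WARNING", "Implicit flow: access token exposed in URL fragment"))
    elif "code_challenge" not in q:
        findings.append(("WARNING", "PKCE not detected (no code_challenge)"))
    elif q.get("code_challenge_method", "plain") != "S256":
        findings.append(("WARNING", "PKCE uses the plain method; prefer S256"))

    # Scope: flag permissions that are wider than a typical integration needs.
    broad = sorted(set(q.get("scope", "").split()) & BROAD_SCOPES)
    if broad:
        findings.append(("INFO", f"Overly broad scope(s): {', '.join(broad)}"))
    return findings


def threat_level(findings):
    """Collapse findings into a single level, as the tool's summary line does."""
    sev = {s for s, _ in findings}
    return "HIGH" if "CRITICAL" in sev else "MEDIUM" if "WARNING" in sev else "LOW"
```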

Pricing

Lifetime License: $39 — your tool forever, all features included permanently.
Optional Monthly: $7/mo — for those who prefer recurring billing (cancel anytime).

👉 Buy Lifetime — $39
👉 Subscribe Monthly — $7/mo

Pro Upgrade (deprecated)

All features now included in Lifetime purchase.


Support

Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →