Runs an adversarial probe against your login flow, checking for redirect leaks, missing CSRF tokens, weak session cookies, and OAuth misconfigurations. It drives the auth sequence in a recorded browser session, then runs a configurable set of tests (csrf, redirect, cookie, oauth) against the captured artifacts and live page. Output lands in a structured findings.md with severity ratings and a pass/warn/fail verdict. Good for pre-deployment audits or investigating suspected token leaks. The probes are deliberately limited to inspection, they don't exploit findings, and all credentials stay vaulted. Expect 15 to 40 trajectory steps per run.
npx skills add https://github.com/ruvnet/ruflo --skill browser-auth-flow