How does this skill detect access control issues?

It uses targeted grep patterns and static analysis to identify common anti-patterns like string-based role comparisons, magic permission strings, and missing authorization attributes.

Can it fix the security issues automatically?

Claude can use the detection results to suggest and apply refactors, such as moving controller-based logic into a dedicated Voter class or implementing a Permission Enum.

Which PHP frameworks are supported?

While it uses patterns common in Symfony and Laravel (like Voters and Policies), the detection logic is framework-agnostic and works for any PHP project using standard authorization concepts.

Does it flag public endpoints as errors?

No, it includes logic to recognize false positives like health checks, public API routes, and CLI commands that are intended to be accessible without standard user authorization.

PHP Access Control Auditor

Name: PHP Access Control Auditor
Author: dykyi-roman

bydykyi-roman

•

Seguridad y Pruebas

Analyzes PHP applications to detect security vulnerabilities, authorization anti-patterns, and inconsistent access control logic.

This skill empowers Claude to perform deep security audits on PHP codebases, identifying risky authorization patterns like inline role checks, hardcoded permissions, and complex logic within controllers. By promoting industry-standard patterns such as Symfony Voters or Laravel Policies, it helps developers transition from fragile, scattered permission checks to a centralized, maintainable, and deny-by-default security architecture. This proactive analysis significantly reduces the risk of privilege escalation and ensures consistent authorization across complex applications.

Características Principales

01Detects inline role checks and hardcoded permission strings

02Audits for deny-by-default security configurations and missing firewalls

0347 GitHub stars

04Provides severity-based classifications for all detected security risks

05Flags complex authorization logic embedded directly in controllers

06Identifies missing Voter or Policy design patterns for resource access

Casos de Uso

01Ensuring new API endpoints comply with organizational RBAC/ACL standards

02Performing a security audit on a legacy PHP monolith or microservice

03Refactoring scattered authorization logic into centralized, testable Voters

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-access-control-model

For use in Claude.ai and ChatGPT

Download Skill