How does this skill detect IDOR vulnerabilities?

The skill analyzes your code patterns to ensure that resource lookups include explicit ownership verification against the current user's session context.

Is this skill part of a larger security suite?

Yes, it is a specialized component of the security-tools plugin designed to work within the Claude Code CLI environment.

Does it help prevent privilege escalation?

Yes, it identifies logic flaws and missing checks that could allow users to perform actions or access data beyond their assigned permission levels.

Can I use this for both RBAC and ABAC systems?

Yes, the skill provides specific implementation strategies and best practices for both Role-Based and Attribute-Based Access Control models.

Access Control Patterns

Name: Access Control Patterns
Author: Agentient

byAgentient

セキュリティとテスト

Implements secure authorization logic by auditing and applying RBAC, ABAC, and IDOR prevention patterns.

概要

The Access Control Patterns skill empowers Claude to audit and implement robust authorization frameworks within your application codebase. It specializes in identifying Insecure Direct Object References (IDOR), establishing Role-Based and Attribute-Based Access Control (RBAC/ABAC) strategies, and preventing unauthorized privilege escalation. By enforcing strict ownership verification and resource authorization best practices, this skill helps developers ensure that sensitive data and restricted actions remain accessible only to appropriately authorized users.

主な機能

IDOR Vulnerability Detection
Privilege Escalation Prevention
0 GitHub stars
RBAC/ABAC Implementation Guidance
Secure Authorization Templates
Resource Ownership Verification

ユースケース

Auditing an existing API for missing ownership checks on sensitive resource endpoints.
Designing a complex multi-tenant permission system using scalable RBAC or ABAC patterns.
Hardening backend database queries to prevent unauthorized cross-user record access.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add agentient/vibekit access-control-patterns

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要