Can it help fix the vulnerabilities it finds?

Absolutely. For every vulnerability identified, the skill provides specific code remediation examples and points to established security best practices.

What types of vulnerabilities can it detect?

It detects a wide range of access control issues including IDOR, mass assignment, horizontal and vertical privilege escalation, and JWT verification weaknesses.

Does it only check controller logic?

No, it analyzes repositories, models, and service layers to ensure that resource scoping and ownership checks are applied at the data layer as well.

Does this skill work with frameworks like Laravel and Symfony?

Yes, it is designed to recognize and suggest framework-specific best practices, including the use of Laravel Policies and Symfony Voters for robust access control.

PHP Authorization Auditor

Name: PHP Authorization Auditor
Author: dykyi-roman

bydykyi-roman

•

セキュリティとテスト

Identifies security vulnerabilities in PHP applications by detecting missing access controls, IDOR, and privilege escalation risks.

This skill empowers Claude to perform deep security audits on PHP codebases, focusing specifically on broken access control—the primary risk in modern web applications. It scans for common architectural flaws such as Insecure Direct Object References (IDOR), horizontal and vertical privilege escalation, and unsafe mass assignments. By analyzing patterns across repositories, controllers, and middleware, it provides actionable remediation steps and standardized reports (including CWE mapping), helping developers secure their applications before deployment.

主な機能

01Flags horizontal and vertical privilege escalation risks within PHP logic.

02Identifies missing ownership checks in repository queries and database interactions.

03Scans for unsafe mass assignment vulnerabilities and role-based access control (RBAC) gaps.

0445 GitHub stars

05Detects Insecure Direct Object References (IDOR) and sequential ID enumeration vulnerabilities.

06Audits JWT and token-based authorization implementations for algorithm confusion and verification issues.

ユースケース

01Automating the detection of authorization gaps during code reviews to ensure consistent security across teams.

02Conducting security pre-reviews for new PHP features or API endpoints to prevent data leaks.

03Refactoring legacy PHP code to implement secure framework patterns like Symfony Voters or Laravel Policies.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-authorization

For use in Claude.ai and ChatGPT

Download Skill