Does this skill work with frontend frameworks like React or Vue?

While it can scan frontend route guards for UX consistency, its primary value is ensuring that corresponding authorization enforcement exists on the server-side to prevent API bypasses.

Can it detect IDOR vulnerabilities?

Yes, it specifically looks for patterns where user-supplied IDs are used to fetch resources without verifying ownership or proper tenant isolation filters.

What is the primary focus of the Privilege Escalation skill?

It focuses on identifying flaws in application logic that allow unauthorized users to gain elevated permissions or access restricted data, specifically mapping to the STRIDE Elevation of Privilege (E) category.

What security standards does it reference?

The analysis is based on the STRIDE threat modeling framework and provides references to common CWEs such as CWE-269 (Improper Privilege Management) and CWE-639 (IDOR).

Does it provide code fixes for identified risks?

Yes, when used with the --fix flag, the skill can suggest concrete remediation steps and code diffs to implement missing authorization checks or secure mass assignment paths.

Privilege Escalation Security Auditor

Name: Privilege Escalation Security Auditor
Author: florianbuetow

byflorianbuetow

•

安全与测试

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

The Privilege Escalation skill is a specialized security tool for Claude Code designed to detect Elevation of Privilege (STRIDE-E) threats. It systematically analyzes source code to find broken access controls, such as Insecure Direct Object References (IDOR), missing function-level authorization, and JWT manipulation risks. By auditing route handlers, middleware, and IAM configurations, it provides developers with detailed findings and remediation steps to prevent unauthorized users from gaining elevated permissions or accessing sensitive data across multi-tenant environments.

主要功能

01Flags mass assignment risks where users can self-escalate roles or permissions

02Maps complex RBAC/ABAC hierarchies to find logic gaps and bypasses

03Detects Insecure Direct Object References (IDOR) and tenant isolation failures

04Identifies missing or inconsistent server-side authorization guards on sensitive routes

056 GitHub stars

06Analyzes JWT and session management for claim manipulation and trust vulnerabilities

使用场景

01Securing user profile and role update logic against horizontal and vertical escalation

02Auditing multi-tenant API endpoints to ensure strict data isolation between users

03Reviewing administrative interfaces and internal management APIs for unauthorized access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code privilege-escalation

For use in Claude.ai and ChatGPT

Download Skill