How does this skill detect IDOR vulnerabilities?

The skill analyzes your code patterns to ensure that resource lookups include explicit ownership verification against the current user's session context.

Is this skill part of a larger security suite?

Yes, it is a specialized component of the security-tools plugin designed to work within the Claude Code CLI environment.

Does it help prevent privilege escalation?

Yes, it identifies logic flaws and missing checks that could allow users to perform actions or access data beyond their assigned permission levels.

Can I use this for both RBAC and ABAC systems?

Yes, the skill provides specific implementation strategies and best practices for both Role-Based and Attribute-Based Access Control models.

Access Control Patterns

Name: Access Control Patterns
Author: Agentient

byAgentient

0•

Security & Testing

Implements secure authorization logic by auditing and applying RBAC, ABAC, and IDOR prevention patterns.

The Access Control Patterns skill empowers Claude to audit and implement robust authorization frameworks within your application codebase. It specializes in identifying Insecure Direct Object References (IDOR), establishing Role-Based and Attribute-Based Access Control (RBAC/ABAC) strategies, and preventing unauthorized privilege escalation. By enforcing strict ownership verification and resource authorization best practices, this skill helps developers ensure that sensitive data and restricted actions remain accessible only to appropriately authorized users.

Key Features

01IDOR Vulnerability Detection

02Privilege Escalation Prevention

030 GitHub stars

04RBAC/ABAC Implementation Guidance

05Secure Authorization Templates

06Resource Ownership Verification

Use Cases

01Auditing an existing API for missing ownership checks on sensitive resource endpoints.

02Designing a complex multi-tenant permission system using scalable RBAC or ABAC patterns.

03Hardening backend database queries to prevent unauthorized cross-user record access.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add agentient/vibekit access-control-patterns

For use in Claude.ai and ChatGPT

Key Features

01IDOR Vulnerability Detection

02Privilege Escalation Prevention

030 GitHub stars

04RBAC/ABAC Implementation Guidance

05Secure Authorization Templates

06Resource Ownership Verification

Use Cases

01Auditing an existing API for missing ownership checks on sensitive resource endpoints.

02Designing a complex multi-tenant permission system using scalable RBAC or ABAC patterns.

03Hardening backend database queries to prevent unauthorized cross-user record access.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add agentient/vibekit access-control-patterns

For use in Claude.ai and ChatGPT