What programming languages are supported?

The skill supports a wide range of languages including JavaScript/Node.js, Python, and Ruby, utilizing both language-specific scanners and generic patterns.

Can it help me fix the security issues it finds?

Yes, for each finding, the skill provides a detailed impact description and a concrete fix recommendation, often including a code diff.

Which security vulnerabilities does this skill detect?

This skill targets OWASP A01:2021 vulnerabilities, including IDOR, missing authorization checks, CORS misconfigurations, JWT tampering, and directory traversal.

Do I need to have Semgrep or Bandit installed to use this?

While it integrates with Semgrep, Bandit, and Brakeman for better coverage, the skill can fall back to manual analysis using grep patterns if those tools are missing.

Access Control Security Auditor

Name: Access Control Security Auditor
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Analyzes source code to identify and remediate broken access control vulnerabilities including IDOR, CORS leaks, and privilege escalation.

The Access Control skill empowers Claude to perform comprehensive security audits focused on the OWASP Top 10 A01:2021 category. It systematically scans your codebase for missing authorization middleware, insecure direct object references (IDOR), permissive CORS configurations, and insecure JWT implementations. By combining automated scanner integration with deep manual pattern analysis, this skill helps developers identify critical security gaps in routes, controllers, and database queries, providing actionable fix recommendations to prevent unauthorized data access.

Key Features

016 GitHub stars

02JWT claim validation and signature verification checks

03Detection of Insecure Direct Object References (IDOR) and ownership bypasses

04CORS configuration auditing for wildcard or reflected origin vulnerabilities

05Seamless integration with security tools like Semgrep, Bandit, and Brakeman

06Deep-trace analysis of middleware chains and authorization guards

Use Cases

01Verifying that database queries correctly filter sensitive data by the authenticated user's ID

02Auditing new API endpoints to ensure proper role-based access control (RBAC) is enforced

03Scanning legacy applications for directory traversal and privilege escalation risks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code access-control

For use in Claude.ai and ChatGPT

Download Skill