Awesome-omni-skill Authorization Matrix

Build and verify an authorization matrix mapping roles to endpoints — detect unprotected routes, missing ownership checks, and scope misconfigurations

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/testing-security/authorization-matrix" ~/.claude/skills/diegosouzapw-awesome-omni-skill-authorization-matrix && rm -rf "$T"
manifest: skills/testing-security/authorization-matrix/SKILL.md

Authorization Matrix Skill

Build a complete authorization matrix from the codebase and verify every endpoint has appropriate authentication, authorization, and ownership checks.

Trigger Conditions

  • Route configuration changes
  • Auth middleware changes
  • New handlers are added
  • User invokes with "auth matrix" or "authorization-matrix"

Input Contract

  • Required: Path to route configuration (main.go or router files)
  • Required: Path to middleware directory
  • Optional: Path to handler files for ownership check verification

Output Contract

  • Complete route → auth requirement matrix
  • List of unprotected routes (missing auth middleware)
  • List of routes missing account ownership verification
  • Comparison against the whitelist in rule 121

Tool Permissions

  • Read: Route config, middleware, handler files
  • Write: None (read-only analysis)
  • Search: Grep for Use(middleware.Auth, GetUserID, RequireScope, AccountOwnership

Execution Steps

  1. Extract all routes: Parse route registration to build complete endpoint list with HTTP method and path
  2. Identify auth middleware: Find which route groups use auth middleware
  3. Check whitelist: Compare unauthenticated routes against the whitelist in rule 121
  4. Verify ownership: For account-scoped routes (/accounts/:id/*), verify ownership middleware is applied
  5. Report: Produce authorization matrix with pass/fail per check
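
Steps 1 to 5 as an added example, not code from the skill or the upstream repository: a line-oriented scan that resolves group prefixes, tracks the middleware chain each route inherits, and emits one matrix row per route. The gin-style registration syntax, the sample routes, the whitelist contents and the names sampleRoutes, Row and BuildMatrix are assumptions made for illustration; scope checks (RequireScope) are left out to keep it to the auth and ownership columns.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed router source; the gin-style syntax is an assumption.
const sampleRoutes = `r.GET("/health", h.Health)
r.POST("/webhooks/inbound", h.Webhook)
api := r.Group("/api")
api.Use(middleware.Auth())
acct := api.Group("/accounts/:id")
acct.Use(middleware.AccountOwnership())
acct.GET("/balance", h.Balance)
raw := api.Group("/accounts/:id")
raw.GET("/export", h.Export)`
var whitelist = map[string]bool{"/health": true} // constructed stand-in for rule 121
type Row struct{ Method, Path, Finding string }

var (
	groupRe = regexp.MustCompile(`(\w+) := (\w+)\.Group\("([^"]*)"\)`)
	useRe   = regexp.MustCompile(`(\w+)\.Use\(middleware\.(\w+)`)
	routeRe = regexp.MustCompile(`(\w+)\.(GET|POST|PUT|PATCH|DELETE)\("([^"]*)"`)
)

// BuildMatrix walks registrations in source order, so a route registered
// before Use(...) is reported without that middleware.
func BuildMatrix(src string) []Row {
	prefix, mw, rows := map[string]string{}, map[string]string{}, []Row{}
	for _, line := range strings.Split(src, "\n") {
		if m := groupRe.FindStringSubmatch(line); m != nil {
			prefix[m[1]], mw[m[1]] = prefix[m[2]]+m[3], mw[m[2]] // child copies parent chain
		} else if m := useRe.FindStringSubmatch(line); m != nil {
			mw[m[1]] += "<" + m[2] + ">"
		} else if m := routeRe.FindStringSubmatch(line); m != nil {
			row := Row{m[2], prefix[m[1]] + m[3], "ok"}
			if !strings.Contains(mw[m[1]], "<Auth>") && !whitelist[row.Path] {
				row.Finding = "unprotected"
			} else if strings.Contains(row.Path, "/accounts/:id/") && !strings.Contains(mw[m[1]], "<AccountOwnership>") {
				row.Finding = "missing ownership"
			}
			rows = append(rows, row)
		}
	}
	return rows
}

func main() { fmt.Printf("%+v\n", BuildMatrix(sampleRoutes)) }
```

A regex scan like this misses routes registered through helper functions or loops, so treat an empty findings list as a prompt to confirm coverage against the handler count, not as proof.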

Success Criteria

  • All routes outside the whitelist are authenticated
  • All account-scoped routes verify ownership
  • All financial endpoints require appropriate scopes
  • No route bypasses auth through misconfiguration

References

  • .cursor/rules/121-route-auth-enforcement.mdc
  • .cursor/rules/042-security-authorization.mdc