Claude-skill-registry access-control-patterns

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/access-control-patterns" ~/.claude/skills/majiayu000-claude-skill-registry-access-control-patterns && rm -rf "$T"
manifest: skills/data/access-control-patterns/SKILL.md
source content

Access Control Patterns

STUB: This skill is not yet implemented

This placeholder preserves the documented plugin structure. See the parent plugin README for planned capabilities.

Planned Capabilities

  • IDOR Detection: Identify Insecure Direct Object Reference vulnerabilities
  • RBAC Patterns: Role-Based Access Control implementation guidance
  • ABAC Patterns: Attribute-Based Access Control strategies
  • Privilege Escalation Prevention: Detect and prevent unauthorized privilege elevation
  • Ownership verification patterns
  • Resource authorization best practices

Critical Pattern

// WRONG - no ownership check
const post = await db.posts.findById(params.id);

// CORRECT - verify ownership
const post = await db.posts.findById(params.id);
// Refuse a missing record too, so post.authorId is never read on null
if (!post || post.authorId !== session.userId) {
  throw new ForbiddenError();
}

Implementation Status

  • Core implementation
  • References documentation
  • Output templates
  • Integration tests