auditing-access-control
Automates audits of access control implementations to identify security vulnerabilities and misconfigurations in authentication and authorization.
The auditing-access-control skill was audited on May 12, 2026, and we found 10 security issues across 2 threat categories, including 5 high-severity issues. Review the findings below before installing.
Security Issues
| Finding | Line | Flagged content |
| --- | --- | --- |
| Template literal with variable interpolation in command context | 28 | - Access to the target codebase and configuration files in `${CLAUDE_SKILL_DIR}/` |
| Template literal with variable interpolation in command context | 32 | - Reference: `${CLAUDE_SKILL_DIR}/references/README.md` for IAM best practices, ACL vulnerability patterns, and NIST/GDPR access control standards |
| Template literal with variable interpolation in command context | 69 | Scan route definitions in `${CLAUDE_SKILL_DIR}/src/routes/` for missing authorization |
| Template literal with variable interpolation in command context | 77 | Parse all JSON policy files in `${CLAUDE_SKILL_DIR}/infra/iam/`. Flag policies containing |
| Template literal with variable interpolation in command context | 84 | Analyze role definitions in `${CLAUDE_SKILL_DIR}/config/roles.yaml`. Build a permission |
| External URL reference | 91 | - [OWASP Access Control Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html) |
| External URL reference | 92 | - [NIST SP 800-53 AC Controls](https://csf.tools/reference/nist-sp-800-53/r5/ac/) |
| External URL reference | 93 | - [CWE-269: Improper Privilege Management](https://cwe.mitre.org/data/definitions/269.html) |
| External URL reference | 94 | - [CWE-285: Improper Authorization](https://cwe.mitre.org/data/definitions/285.html) |
| External URL reference | 95 | - [CWE-862: Missing Authorization](https://cwe.mitre.org/data/definitions/862.html) |