audit-authz
OfficialFind missing authorization before release
Software Engineering#security review#server endpoints#webhook validation#authorization audit#idೋರ#authz helpers#role scoping
AuthorAgentSystemLabs
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Prevents production security bugs by auditing server-side authorization and ownership checks, especially where authenticated identity is present but resource access control is missing or incorrectly scoped.
Core Features & Use Cases
- Entry-point enumeration across common server handler types (server functions, HTTP routes, tRPC, GraphQL resolvers, webhooks, workers, IPC).
- Authorization classification that distinguishes public, authenticated, user-scoped, role-gated, and internal/service endpoints.
- Targeted findings for anonymous access, IDOR (ownership missing after identity), role-but-not-scoped mistakes, client-supplied admin flags, weak/absent webhook signature verification, and checks that occur after side effects.
- Actionable fixes that propose concrete code changes using the project’s existing auth helpers and require confirmation before anything is applied.
Quick Start
Run the audit-authz skill to scan your server code for missing authorization checks and produce a prioritized list of critical, high, and medium authz findings with recommended fixes.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: audit-authz Download link: https://github.com/AgentSystemLabs/core/archive/main.zip#audit-authz Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.