code-audit-authz
Community
Find authz holes before they ship
Software Engineering #IDOR #webhooks #role-based access #authz #backend security #authorization audit #ownership checks
Author: webdevcody
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It helps you detect authorization vulnerabilities in your backend where authenticated users can access or modify resources they do not own, or where endpoints accidentally allow anonymous access to user-scoped data.
Core Features & Use Cases
- Enumerates server entry points: scans server functions, HTTP handlers, webhook receivers, queue/worker handlers, and IPC handlers to build a complete audit surface.
- Classifies access requirements: distinguishes public, authenticated, user-scoped, admin/role-gated, and service/internal endpoints based on how inputs map to resources.
- Flags concrete authz findings: detects missing auth checks, IDOR patterns, admin gating mistakes, weak webhook validation, and ordering issues that can leak information.
- Produces actionable fixes: recommends targeted code changes using the project’s existing auth helpers, and requires confirmation for applying fixes.
Quick Start
Audit your codebase for authorization bugs by running: audit auth for every server-side entry point and return findings with severity and the exact missing check.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: code-audit-authz
Download link: https://github.com/webdevcody/go-mailing-list/archive/main.zip#code-audit-authz
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.