idors-discovery-tool

Community

Detect and fix IDOR vulnerabilities in apps.

Author: KILWA73
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Checks resource-access logic to prevent unauthorized data access via URL manipulation. Triggers when the user asks "check my API auth", "can someone else see this order?", or "find IDOR vulnerabilities".

Core Features & Use Cases

  • Identify Direct References: Look for endpoints accepting direct database IDs (e.g., /api/orders/{id}) to fetch user-specific data.
  • Authorization Context: Verify that the controller/service actually checks that the currently authenticated user owns the requested resource before returning it.
  • Abstraction Suggestion: Recommend using indirect references (e.g., non-guessable UUIDs) or scoping queries directly to the user (e.g., Auth::user()->orders()->findOrFail($id)).
  • Output Format: Provide the remediated controller code demonstrating strict ownership checks.
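
The ownership check and user-scoped query from the list above, as an added example that is not part of the skill's own code. Python with sqlite3 stands in for the Laravel call; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users (10 and 20), one order each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, 10, "laptop"), (2, 20, "phone")])
    return db

def get_order_vulnerable(db, current_user_id, order_id):
    # IDOR: the id from the URL is trusted; current_user_id is never consulted.
    return db.execute("SELECT id, user_id, item FROM orders WHERE id = ?",
                      (order_id,)).fetchone()

def get_order_scoped(db, current_user_id, order_id):
    # Ownership is part of the query, so another user's row is simply not found
    # (a handler would answer 404, the same as for a nonexistent id).
    return db.execute(
        "SELECT id, user_id, item FROM orders WHERE id = ? AND user_id = ?",
        (order_id, current_user_id)).fetchone()

def cross_user_leaks(db, handler):
    """Authorization regression check: every user requests every order.
    Returns (requester, order_id) pairs where a non-owner got data back."""
    rows = db.execute("SELECT id, user_id FROM orders ORDER BY id").fetchall()
    users = sorted({owner for _, owner in rows})
    return [(u, oid) for u in users for oid, owner in rows
            if u != owner and handler(db, u, oid) is not None]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", cross_user_leaks(db, get_order_vulnerable))
    print("scoped:    ", cross_user_leaks(db, get_order_scoped))
```

A non-guessable identifier only makes enumeration harder; the ownership predicate in the query is what enforces access.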

Quick Start

Use IDOR discovery prompts to scan API endpoints and implement strict ownership checks.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: idors-discovery-tool
Download link: https://github.com/KILWA73/MiniSoc/archive/main.zip#idors-discovery-tool

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.