php-laravel-audit

Community

Laravel 安全审计的框架特效洞察

Software Engineering #security #authentication #audit #laravel #session #csrf #blade

Author0xShe

Version1.0.0

Installs0

System Documentation

What problem does it solve?

Laravel 项目在权限、CSRF、会话管理、模型填充和 Blade 模板渲染等方面常见的实现缺陷与误配置导致的安全风险。该审计技能提供对源码中框架特性与踩坑模式的白盒静态分析，帮助团队识别并缓解这些风险。

Core Features & Use Cases

鉴权与路由保护分析（middleware/auth/Policies/Gates）及权限模型的一致性校验
CSRF 与 token 保护的覆盖范围、except 列表及 API 认证差异评估
Session 与 Cookie 安全性检查（session_regenerate_id、cookie flags、SameSite 等配置）
Eloquent mass assignment 的输入到模型写入链路分析及填充策略审查
Blade 渲染中的 raw 输出风险与未转义数据的影响评估
Signed URL 与路由签名校验闭环性检查
生成的证据与改进建议对照现有通用漏洞类型体系输出

Quick Start

指定 Laravel 项目根目录作为源路径，运行分析并输出结构化的风险报告到输出目录。

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: php-laravel-audit
Download link: https://github.com/0xShe/PHP-Code-Audit-Skill/archive/main.zip#php-laravel-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.

View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.