Skills
.Work. You
Rest

php-yii-audit

Community

Yii2 security audit for access control and CSRF.

Software Engineering#rbac#static-analysis#csrf#access-control#security-audit#yii2#yii
Author0xShe
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Yii2 projects are prone to misconfigurations in access control (AccessControl/RBAC), CSRF handling, input filtering, output encoding, and unsafe redirects, which can lead to privilege escalation, data leakage, or XSS.

Core Features & Use Cases

  • Inspect AccessControl and RBAC rules across controllers, actions, and matchCallback usage to ensure proper authorization boundaries.
  • Verify CSRF settings, cookie validation, and token handling in state-changing requests to prevent forgery.
  • Assess input filtering via rules(), safeAttributes(), and scenarios to prevent mass assignment vulnerabilities.
  • Check output encoding and safe output practices in views to prevent XSS, including usage of Html::encode and HtmlPurifier.
  • Map findings to common vulnerability categories (AUTH/CSRF/XSS/CFG/LOGIC) for remediation prioritization.

Quick Start

Run the Yii2 audit against your project root to generate framework_audit/yii_{timestamp}.md containing framework-specific risk findings.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: php-yii-audit
Download link: https://github.com/0xShe/PHP-Code-Audit-Skill/archive/main.zip#php-yii-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.