sast-missingauth
Community
Detects missing auth and broken access controls.
System Documentation
What problem does it solve?
Detects missing authentication and broken function-level authorization vulnerabilities in a codebase using a three-phase approach: recon (map endpoints and the permission system), batched verify (check auth/authz in parallel subagents, 3 endpoints each), and merge (consolidate batch results). Covers unauthenticated access and vertical privilege escalation (e.g., regular user accessing admin-only functions). Requires sast/architecture.md (run sast-analysis first). Outputs findings to sast/missingauth-results.md. Use when asked to find missing auth, broken access control, or privilege escalation bugs.
Core Features & Use Cases
- Recon maps endpoints and the permission system, identifying auth posture and privileged actions.
- Batched verify runs parallel checks (batches of up to 3 endpoints each) to validate authentication and authorization.
- Merge consolidates batch results into a final sast/missingauth-results.md with remediation guidance.
- Use case: security teams map auth gaps and vertical privilege escalation across large codebases.
Quick Start
Run the Missing Auth analysis on your codebase to generate sast/missingauth-results.md.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sast-missingauth Download link: https://github.com/utkusen/sast-skills/archive/main.zip#sast-missingauth Please download this .zip file, extract it, and install it in the .claude/skills/ directory.