Back to skills
extension
Category: Development & EngineeringNo API key required

access-control-patterns

[STUB - Not implemented] Access control auditing with IDOR detection, RBAC/ABAC patterns, and privilege escalation prevention. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation]

personAuthor: jakexiaohubgithub

Access Control Patterns

STUB: This skill is not yet implemented

This placeholder preserves the documented plugin structure. See parent plugin README for planned capabilities.

Planned Capabilities

  • IDOR Detection: Identify Insecure Direct Object Reference vulnerabilities
  • RBAC Patterns: Role-Based Access Control implementation guidance
  • ABAC Patterns: Attribute-Based Access Control strategies
  • Privilege Escalation Prevention: Detect and prevent unauthorized privilege elevation
  • Ownership verification patterns
  • Resource authorization best practices

Critical Pattern

// WRONG - no ownership check
const post = await db.posts.findById(params.id);

// CORRECT - verify ownership
const post = await db.posts.findById(params.id);
if (post.authorId !== session.userId) {
  throw new ForbiddenError();
}

Implementation Status

  • [ ] Core implementation
  • [ ] References documentation
  • [ ] Output templates
  • [ ] Integration tests