Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

Permission-Aware Query Builder | aiup-alfresco

Home
Skills
aiup-alfresco
Permission-Aware Query Builder

Skill

Permission-Aware Query Builder

From aiup-alfresco

Flags CMIS, Alfresco Query Language, and direct database queries that may bypass ACLs. Suggests SearchService with authority context instead.

Popularity

Stars

12

Forks

5

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/aiup-alfresco:permission-aware-query-builder

Not user invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGrep

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Review generated query code for potential ACL bypass issues.

SKILL.md

22 lines · ~289 tokens

Stats

LanguageShell

Stars12

Forks5

MaintenanceExcellent

Last CommitJun 11, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

permission-check

Stats

LanguageShell

Stars12

Forks5

MaintenanceExcellent

Last CommitJun 11, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

permission-check

Permission-Aware Query Builder

Review generated query code for potential ACL bypass issues.

Rules

Never use direct JDBC/Hibernate queries to access nodes — these bypass the permission model entirely
CMIS queries run in the context of the authenticated user by default — this is safe
SearchService queries — verify SearchParameters includes authority context when needed
AuthenticationUtil.runAsSystem — flag any query executed inside runAsSystem as a potential security issue unless explicitly justified
sys_acl / sys_racl — when using Search Enterprise (Elasticsearch), verify that ACL fields are included in the search index configuration
Solr AFTS queries — respect fts.alfresco.defaultNamespace setting; warn if queries hardcode node refs

Output

Flag each potential ACL bypass with severity (high/medium/low), explanation, and suggested fix.

$

npx claudepluginhub aborroy/aiup-alfresco

Similar Skills

auditing-access-control

2.2k

Audits IAM policies, RBAC, ACLs, file permissions, and API authorization for vulnerabilities, privilege escalation paths, and least privilege violations.

4 files8 tools

access-control-auditor

View auditing-access-control

django-access-review

37.9k

Reviews Django and DRF code for access control gaps, IDOR risks, and authorization issues in views, viewsets, ORM queries, and permissions.

antigravity-awesome-skills

View django-access-review

apply-authorization-control

12

Enforces deny-by-default authorization at every resource access point using RBAC or ABAC patterns. Use when implementing access control decisions for APIs, web apps, or services.

View apply-authorization-control