Stats
Actions
Tags
From security-tools
[STUB - Not implemented] Access control auditing with IDOR detection, RBAC/ABAC patterns, and privilege escalation prevention. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation]
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-tools:access-control-patternsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
> **STUB: This skill is not yet implemented**
STUB: This skill is not yet implemented
This placeholder preserves the documented plugin structure. See parent plugin README for planned capabilities.
// WRONG - no ownership check
const post = await db.posts.findById(params.id);
// CORRECT - verify ownership
const post = await db.posts.findById(params.id);
if (post.authorId !== session.userId) {
throw new ForbiddenError();
}
npx claudepluginhub agentient/vibekit --plugin security-toolsEnforces deny-by-default authorization at every resource access point using RBAC or ABAC patterns. Use when implementing access control decisions for APIs, web apps, or services.
Detects missing ownership checks, broken role enforcement, and IDOR vulnerabilities in authorization code. Use when implementing access control middleware or resource ownership checks.
Provides ACL, RBAC, ABAC, ReBAC models, multi-tenancy patterns, and PHP implementations (Symfony Voters, Laravel Gates) for security audits and code generation.