Broken Access Control (A01:2021)

Analyze source code for broken access control vulnerabilities including missing authorization checks, insecure direct object references, CORS misconfiguration, JWT manipulation, directory traversal, and privilege escalation.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

--scope determines which files to analyze (default: changed)
--depth standard reads code and checks middleware chains
--depth deep traces authorization across call graphs and middleware stacks
--severity filters output (access control issues are often high or critical)

Framework Context

Read ../../shared/frameworks/owasp-top10-2021.md, section **A01:2021 - Broken

Related skills

More from florianbuetow/claude-code

Installs

Repository

florianbuetow/c…ude-code

GitHub Stars

First Seen

Feb 28, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykFail

access-control

Broken Access Control (A01:2021)

Supported Flags

Framework Context

More from florianbuetow/claude-code

ssrf

spec-writer

solid-principles

file-upload

pasta-risk

business-logic