Access Control Auditing
Overview
Audit access control implementations across codebases, cloud configurations, and
application layers for security vulnerabilities and policy violations. This skill
targets IAM policies, ACLs, RBAC configurations, file permissions, and API
authorization logic to identify privilege escalation paths, overly permissive
grants, and violations of the principle of least privilege.
Prerequisites
- Access to the target codebase and configuration files in ${CLAUDESKILLDIR}/
- Familiarity with the authorization model in use (RBAC, ABAC, ACL, or IAM)
- grep, find, and standard shell utilities available via Bash
- For cloud audits: CLI tools such as aws iam, gcloud, or az role installed and authenticated
- Reference: ${CLAUDESKILLDIR}/references/README.md for IAM best practices, ACL vulnerability patterns, and NIST/GDPR access control standards
Instructions
- Enumerate all access control definitions by scanning for IAM policy files, RBAC configuration, ACL definitions, middleware authorization checks, and .htaccess or equivalent files using Glob and Grep.
- Map each role or principal to its granted permissions, building a permission matrix that identifies which subjects access which resources at which privilege level.
- Evaluate each permission grant against the principle of least privilege -- flag wildcard actions or resources (*), overly broad resource scopes (for example a whole bucket or account where one prefix would do), and administrative permissions held by roles that are not intended to be administrative.
- Check for separation of duties violations where a single role combines mutually exclusive privileges (e.g., both "create user" and "approve user").
- Identify privilege escalation paths by tracing role inheritance chains, looking for roles that can modify their own permissions or assume higher-privileged roles.
- Inspect API route handlers and middleware for missing or inconsistent authorization checks -- compare route definitions against their corresponding auth guards.
- Verify that default-deny is enforced: any request that matches no explicit allow rule, including unauthenticated requests, must be rejected rather than falling through to a handler.
- Cross-reference findings against compliance requirements (NIST AC-1 through AC-25, GDPR Article 25, SOC 2 CC6.1) and flag gaps.
- Classify each finding by severity (critical, high, medium, low) based on exploitability and blast radius.
- Generate a remediation plan with specific configuration changes, code patches, or policy updates for each finding.
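The configuration side of the procedure above (steps 2 through 5: permission matrix, least-privilege wildcards, separation of duties, and escalation through role inheritance or self-modifiable policies) as one runnable example. This is added illustration, not code shipped with the skill or its references. It assumes IAM-style role definitions with an explicit "inherits" field, and the sample roles, the ADMIN_ROLES set, the SOD_PAIRS list and the SELF_MODIFY_ACTIONS set are all constructed for this example; in a real audit they come from the enumerated policies and the organization's duty-separation rules.

```python
import json

# Constructed sample input: hypothetical IAM-style role definitions with an
# explicit "inherits" chain. This is illustrative data, not a real account.
SAMPLE_ROLES = json.loads("""
[
  {"name": "admin", "inherits": [],
   "statements": [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]},
  {"name": "ops", "inherits": [],
   "statements": [
     {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": ["*"]},
     {"Effect": "Allow", "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::logs/*"]},
     {"Effect": "Allow", "Action": ["sts:AssumeRole"],
      "Resource": ["arn:aws:iam::123456789012:role/admin"]}]},
  {"name": "developer", "inherits": ["reader"],
   "statements": [{"Effect": "Allow", "Action": ["iam:PutRolePolicy"],
                   "Resource": ["arn:aws:iam::123456789012:role/developer"]}]},
  {"name": "reader", "inherits": [],
   "statements": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:List*"],
                   "Resource": ["arn:aws:s3:::data/*"]}]},
  {"name": "hr-clerk", "inherits": [],
   "statements": [{"Effect": "Allow", "Action": ["users:Create", "users:Approve"],
                   "Resource": ["*"]}]}
]
""")

# Audit parameters; all three are assumptions made for this example.
ADMIN_ROLES = {"admin"}                                   # roles expected to hold "* on *"
SOD_PAIRS = [("users:Create", "users:Approve")]           # mutually exclusive privileges
SELF_MODIFY_ACTIONS = {"iam:PutRolePolicy", "iam:AttachRolePolicy",
                       "iam:CreatePolicyVersion"}         # actions that rewrite a role's policy


def role_from_arn(resource):
    """'arn:aws:iam::123456789012:role/admin' -> 'admin'; None for non-role resources."""
    return resource.split("role/", 1)[1] if "role/" in resource else None


def effective_grants(roles, name, seen=None):
    """Allow grants as (action, resource) pairs held directly or via inheritance.
    Cycle-safe: a role already expanded on this path is not expanded again."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    grants = set()
    for st in roles[name]["statements"]:
        if st["Effect"] != "Allow":
            continue
        grants.update((a, r) for a in st["Action"] for r in st["Resource"])
    for parent in roles[name]["inherits"]:
        grants |= effective_grants(roles, parent, seen)
    return grants


def permission_matrix(role_list):
    """Role -> sorted 'action on resource' strings, inheritance resolved (step 2)."""
    roles = {r["name"]: r for r in role_list}
    return {n: sorted(f"{a} on {r}" for a, r in effective_grants(roles, n)) for n in roles}


def audit(role_list):
    """Run the least-privilege, separation-of-duties and escalation checks (steps 3-5)."""
    roles = {r["name"]: r for r in role_list}
    findings = []

    def add(severity, role, check, detail):
        findings.append({"severity": severity, "role": role, "check": check, "detail": detail})

    for name in roles:
        grants = effective_grants(roles, name)
        actions = {a for a, _ in grants}
        for act, res in grants:
            # Least privilege: full admin on a non-admin role, then any other wildcard.
            if act == "*" and res == "*":
                if name not in ADMIN_ROLES:
                    add("critical", name, "least-privilege", "full admin grant (* on *)")
            elif act == "*" or res == "*":
                add("high", name, "least-privilege", f"wildcard grant {act} on {res}")
            elif act.endswith("*"):
                add("low", name, "least-privilege", f"prefix wildcard action {act}")
            # Escalation: rewriting one's own policy, or assuming a role that holds more.
            target = role_from_arn(res)
            if act in SELF_MODIFY_ACTIONS and (res == "*" or target == name):
                add("critical", name, "privilege-escalation", f"{act} on its own role")
            if act == "sts:AssumeRole" and target in roles and target != name:
                gained = effective_grants(roles, target) - grants
                if gained:
                    sev = "critical" if ("*", "*") in gained else "high"
                    add(sev, name, "privilege-escalation",
                        f"can assume {target} and gain {len(gained)} extra grant(s)")
        # Separation of duties: both halves of an exclusive pair on one role.
        for a, b in SOD_PAIRS:
            if a in actions and b in actions:
                add("high", name, "separation-of-duties", f"holds both {a} and {b}")
    return findings


if __name__ == "__main__":
    for role, grants in permission_matrix(SAMPLE_ROLES).items():
        print(role, grants)
    for f in sorted(audit(SAMPLE_ROLES), key=lambda f: (f["role"], f["severity"])):
        print(f"[{f['severity']}] {f['role']}: {f['check']} - {f['detail']}")
```

Two design points matter in practice. Findings are computed on effective grants, so the prefix wildcard inherited from reader is reported against developer as well; auditing only direct statements would miss that. The assume-role check compares the target's effective grants with the caller's rather than trusting role names, so a path from ops into admin is reported as critical because it gains "* on *", while assuming a role that adds nothing produces no finding.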
Output
- Permission matrix: Role-to-resource mapping table showing all grants
- Findings report: Each finding includes severity, affected resource, description, CWE reference (e.g., CWE-269 I