Authorization Matrix
Build and verify an authorization matrix mapping roles to endpoints — detect unprotected routes, missing ownership checks, and scope misconfigurations
Best use case
Authorization Matrix is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using Authorization Matrix should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/authorization-matrix/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How Authorization Matrix Compares
| Feature / Agent | Authorization Matrix | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Build and verify an authorization matrix mapping roles to endpoints — detect unprotected routes, missing ownership checks, and scope misconfigurations
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Authorization Matrix Skill

Build a complete authorization matrix from the codebase and verify every endpoint has appropriate authentication, authorization, and ownership checks.

## Trigger Conditions

- Route configuration changes
- Auth middleware changes
- New handlers are added
- User invokes with "auth matrix" or "authorization-matrix"

## Input Contract

- **Required:** Path to route configuration (main.go or router files)
- **Required:** Path to middleware directory
- **Optional:** Path to handler files for ownership check verification

## Output Contract

- Complete route → auth requirement matrix
- List of unprotected routes (missing auth middleware)
- List of routes missing account ownership verification
- Comparison against the whitelist in rule 121

## Tool Permissions

- **Read:** Route config, middleware, handler files
- **Write:** None (read-only analysis)
- **Search:** Grep for `Use(middleware.Auth`, `GetUserID`, `RequireScope`, `AccountOwnership`

## Execution Steps

1. **Extract all routes**: Parse route registration to build complete endpoint list with HTTP method and path
2. **Identify auth middleware**: Find which route groups use auth middleware
3. **Check whitelist**: Compare unauthenticated routes against the whitelist in rule 121
4. **Verify ownership**: For account-scoped routes (`/accounts/:id/*`), verify ownership middleware is applied
6. **Report**: Produce authorization matrix with pass/fail per check

## Success Criteria

- All routes outside the whitelist are authenticated
- All account-scoped routes verify ownership
- All financial endpoints require appropriate scopes
- No route bypasses auth through misconfiguration

## References

- `.cursor/rules/121-route-auth-enforcement.mdc`
- `.cursor/rules/042-security-authorization.mdc`
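
The whitelist and ownership checks from the execution steps, reduced to a pass/fail matrix, as an added Go example that is not part of the skill or its repository. The `Route` and `Row` types, the whitelist contents, and the sample routes are constructed for illustration; the actual whitelist in rule 121 is not shown on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Route is what the router registers plus the middleware attached to it
// (hypothetical shape; populate it from your own route configuration).
type Route struct {
	Method, Path    string
	Auth, Ownership bool
}

// Row is one line of the matrix with pass/fail per check.
type Row struct {
	Route               string
	AuthOK, OwnershipOK bool
}

// Constructed whitelist; the real one lives in rule 121, not shown on the page.
var whitelist = map[string]bool{"GET /health": true, "POST /login": true}

// Audit evaluates each route: unauthenticated routes pass only if
// whitelisted, and account-scoped routes pass only with an ownership check.
func Audit(routes []Route) []Row {
	rows := make([]Row, 0, len(routes))
	for _, r := range routes {
		key := r.Method + " " + r.Path
		scoped := r.Path == "/accounts/:id" || strings.HasPrefix(r.Path, "/accounts/:id/")
		rows = append(rows, Row{key, r.Auth || whitelist[key], !scoped || r.Ownership})
	}
	return rows
}

// sampleRoutes is constructed input, not taken from any real codebase.
func sampleRoutes() []Route {
	return []Route{
		{"GET", "/health", false, false},
		{"GET", "/accounts/:id/balance", true, true},
		{"POST", "/accounts/:id/transfer", true, false}, // auth, no ownership
		{"GET", "/reports/export", false, false},        // not whitelisted
	}
}

func main() {
	for _, row := range Audit(sampleRoutes()) {
		fmt.Printf("%-28s auth=%v ownership=%v\n", row.Route, row.AuthOK, row.OwnershipOK)
	}
}
```

Any row with a `false` column is a finding: the transfer route lacks the ownership check and the export route is unauthenticated without being whitelisted.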