Detect missing authentication vulnerabilities

sast-missingauthskillsetup L30
reasonless-throne486/sast-skills
What it does

Detect missing authentication in endpoints

Best for

Finding unprotected endpoints that forgot authentication decorators or checks

Inputs
  • Codebase under analysis
  • sast/architecture.md (prerequisite)
Outputs
  • sast/missingauth-results.md with findings
  • Endpoints lacking auth checks
Preconditions
  • sast/architecture.md must exist
  • Source code accessible
Failure modes
  • Middleware-level auth misses endpoint protection
  • Public endpoints incorrectly flagged
  • Auth bypass makes finding moot
Trust signals
  • Three-phase analysis of auth decoration and enforcement
  • Distinguishes public by design from missing
  • High-confidence findings per pattern