openclaw / permission-auditor
Install for your project team
Run this command in your project directory to install the skill for your entire team:
mkdir -p .claude/skills/permission-auditor && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/3929" && unzip -o skill.zip -d .claude/skills/permission-auditor && rm skill.zip
Project Skills
This skill will be saved in .claude/skills/permission-auditor/ and checked into git. All team members will have access to it automatically.
Important: Please verify the skill by reviewing its instructions before using it.
Generate RBAC permission configs from your routes. Use when you need role-based access control without building it from scratch.
Skill Content
---
name: permission-auditor
description: Generate RBAC permission configs from your routes. Use when you need role-based access control without building it from scratch.
---

# Permission Auditor

Your API has 47 routes and no permission system. This tool scans your route handlers and generates RBAC permission configs automatically. It figures out which endpoints need which roles and outputs a config you can plug right into your middleware.

**One command. Zero config. Just works.**

## Quick Start

```bash
npx ai-permission src/routes/
```

## What It Does

- Scans route handlers and API endpoints to map out your permission surface
- Generates role-based access control configurations
- Detects admin-only routes, public routes, and auth-required routes
- Outputs middleware-ready permission configs
- Identifies routes missing auth checks

## Usage Examples

```bash
npx ai-permission src/routes/
npx ai-permission src/api/
npx ai-permission "src/**/*.controller.ts"
```

## Best Practices

- **Start with least privilege** - Default deny, then explicitly grant access
- **Review generated configs** - The tool suggests roles but you know your business logic
- **Keep permissions close to routes** - Don't scatter permission checks across your codebase

## When to Use This

- Building a new API and need to plan permissions
- Retrofitting RBAC onto an existing app
- Auditing which routes have missing auth checks

## Part of the LXGIC Dev Toolkit

This is one of 110+ free developer tools built by LXGIC Studios. No paywalls, no sign-ups, no API keys on free tiers. Just tools that work.

**Find more:**

- GitHub: https://github.com/LXGIC-Studios
- Twitter: https://x.com/lxgicstudios
- Substack: https://lxgicstudios.substack.com
- Website: https://lxgic.dev

## Requirements

No install needed. Just run with npx. Node.js 18+ recommended.

## How It Works

Scans your route files to extract endpoint definitions, HTTP methods, and existing auth middleware. AI analyzes the patterns to suggest appropriate role assignments and generates a structured RBAC config.

## License

MIT. Free forever. Use it however you want.
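
The "default deny" and "review generated configs" advice under Best Practices, sketched as an added example that is not part of the skill or of ai-permission. The rule shape (`method`, `path`, `access`, `roles`) and the function names are assumptions made for illustration, not the tool's actual output format.

```javascript
// Added example: this rule shape is an assumption, not ai-permission's output format.
const sampleConfig = [ // constructed sample data
  { method: "GET", path: "/health", access: "public" },
  { method: "GET", path: "/users/:id", access: "authenticated" },
  { method: "DELETE", path: "/users/:id", access: "roles", roles: ["admin"] },
  { method: "POST", path: "/admin/reports", access: "public" }, // should be flagged in review
];

// Turn "/users/:id" into an anchored regex; ":param" matches exactly one path segment.
function toRegex(pattern) {
  const parts = pattern.split("/").map((seg) =>
    seg.startsWith(":") ? "[^/]+" : seg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + parts.join("/") + "$");
}

// Default deny: allow only when a rule matches and explicitly grants access.
function authorize(rules, method, path, user) {
  const rule = rules.find((r) =>
    r.method === method.toUpperCase() && toRegex(r.path).test(path));
  if (!rule) return false; // unmapped route: deny
  if (rule.access === "public") return true;
  if (!user) return false; // every other access level needs an identity
  if (rule.access === "authenticated") return true;
  if (rule.access === "roles") {
    return (rule.roles || []).some((role) => (user.roles || []).includes(role));
  }
  return false; // unknown access value: deny
}

// Review pass: list the entries a human should check before deploying the config.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const KNOWN_ACCESS = new Set(["public", "authenticated", "roles"]);
function reviewConfig(rules) {
  const findings = [];
  for (const r of rules) {
    const id = `${r.method} ${r.path}`;
    if (!KNOWN_ACCESS.has(r.access)) findings.push(`${id}: unknown access value`);
    if (r.access === "public" && !SAFE_METHODS.has(r.method))
      findings.push(`${id}: public state-changing route`);
    if (r.access === "roles" && !(r.roles && r.roles.length))
      findings.push(`${id}: role rule with no roles`);
  }
  return findings;
}
```
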