ReddRadar
Agent skill
detecting-logic-bypass
Detects logic bypass vulnerabilities including authentication bypass, authorization bypass, and business logic flaws. Use when analyzing authentication mechanisms, access controls, or investigating security control bypasses.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/detecting-logic-bypass-waiwai24-binaryx-agent-ada757dc
SKILL.md
Logic Bypass Detection
Detection Workflow
- Identify security controls: Find authentication mechanisms, authorization checks, validation functions, business logic rules
- Trace control flow: Use
xrefs_toto trace paths, identify bypass opportunities, check for missing checks - Check validation logic: Review validation functions, test bypass scenarios, assess validation completeness
- Assess bypass impact: What security control is bypassed? What's the business impact? How severe is the bypass?
Key Patterns
- Authentication bypass: weak password checks, session token weaknesses, timing attacks
- Authorization bypass: missing permission checks, insecure direct object references, privilege escalation
- Input validation bypass: blacklist-based validation, insufficient sanitization, regex bypass
- Business logic bypass: race conditions, state manipulation, transaction abuse
Output Format
Report with: id, type, subtype, severity, confidence, location, vulnerability, security control, bypass method, attack scenario, bypass steps, exploitability, impact, mitigation.
Severity Guidelines
- CRITICAL: Complete bypass of primary security control
- HIGH: Bypass of important security control
- MEDIUM: Partial bypass or edge case bypass
- LOW: Limited bypass with minor impact
See Also
patterns.md- Detailed detection patterns and exploitation scenariosexamples.md- Example analysis cases and code samplesreferences.md- CWE references and mitigation strategies
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?