From aiup-alfresco
Flags ACL bypass risks in Alfresco CMIS, Alfresco Query Language, SearchService, Solr, and Elasticsearch queries. Rates severity and suggests authority-context fixes. Trigger on search/query code generation.
npx claudepluginhub aborroy/aiup-alfresco

This skill is limited to using the following tools:
Review generated query code for potential ACL bypass issues.
- SearchParameters includes authority context when needed
- AuthenticationUtil.runAsSystem — flag any query executed inside runAsSystem as a potential security issue unless explicitly justified
- sys_acl / sys_racl — when using Search Enterprise (Elasticsearch), verify that ACL fields are included in the search index configuration
- fts.alfresco.defaultNamespace setting; warn if queries hardcode node refs

Flag each potential ACL bypass with severity (high/medium/low), explanation, and suggested fix.