From appsec
This skill should be used when the user asks to "check for non-repudiation privacy risks", "analyze excessive audit logging", "find privacy issues related to accountability", "check for forced identity linking", or mentions "non-repudiation" in a privacy context. Maps to LINDDUN category N. This is the INVERSE of STRIDE repudiation -- here too much proof is the threat.
npx claudepluginhub florianbuetow/claude-code --plugin appsec

This skill uses the workspace's default tool permissions.
Analyze source code for non-repudiation threats where forced accountability creates privacy risks. In privacy, non-repudiation becomes a threat when it creates irrefutable proof linking users to sensitive activities where plausible deniability should be preserved. This is the inverse of STRIDE Repudiation.
Read ../../shared/schemas/flags.md for full flag documentation. This skill supports all cross-cutting flags.
| Flag | Non-Repudiation-Specific Behavior |
|---|---|
| --scope | Default changed. Focuses on files containing audit logging, digital signatures, transaction receipts, and immutable record storage. |
| --depth quick | Grep patterns only: scan for comprehensive audit logging and signature mechanisms. |
| --depth standard | Full code read, classify logged actions by sensitivity, assess deniability gaps. |
| --depth deep | Trace audit trail coverage across the system. Map which sensitive actions create irrefutable evidence. |
| --depth expert | Deep + adversarial subpoena simulation: model what a legal adversary can prove from system records. |
| --severity | Filter output. Severity depends on the sensitivity of the activity being irrefutably logged. |
| --fix | Generate selective logging, retention limits, and anonymous channel implementations. |
LINDDUN N -- Non-repudiation (Privacy Context)
Non-repudiation in a privacy context occurs when the system creates irrefutable proof that a specific user performed a sensitive action, in situations where plausible deniability should be available. Read ../../shared/frameworks/linddun.md for the full LINDDUN framework reference, including the relationship between LINDDUN N and STRIDE R.
Privacy Property Violated: Plausible Deniability
STRIDE Mapping: Repudiation (inverse relationship -- STRIDE treats deniability as a security threat; LINDDUN treats forced accountability as a privacy threat)
Files are selected by the --scope flag (default: changed). Read each scoped file and assess whether its accountability mechanisms create privacy risks.
At --depth deep or --depth expert, model the full audit trail and determine what a legal adversary or data breach could reveal about user behavior.

Output findings per ../../shared/schemas/findings.md. Each finding needs: NREP-NNN id, title, severity (based on activity sensitivity and irrefutability of proof), location with snippet, description of the evidence created, impact (what can be proven if logs are subpoenaed), fix (selective logging, retention limits, or anonymous channels), and CWE/LINDDUN references.
Grep patterns (--depth quick), one line per summary-table row plus the two mitigation checks:

Blanket audit logging: audit\.log|auditLog|audit_trail|AuditEvent|createAuditEntry|logActivity
Identity in sensitive logs: log.*userId.*search|audit.*user.*query|record.*identity.*action
Mandatory signatures: sign\(|createSignature|digitalSignature|crypto\.sign|jwt\.sign.*action
Immutable action records: blockchain|immutable|append.only|ledger|write.*once|WORM
Session recording: sessionRecording|screenCapture|fullStory|hotjar|mouseflow|session.replay
Anonymous channels (presence expected): anonymous|pseudonym|whistleblow|report.*anonymous|tipline
Retention controls (presence expected): retention|ttl|cleanup|purge|expire.*audit|delete.*log.*older

| Regulation | Provision | Relevance |
|---|---|---|
| GDPR Art. 17 | Right to erasure | Irrefutable audit trails may conflict with deletion rights |
| GDPR Art. 5(1)(e) | Storage limitation | Indefinite audit logs violate storage limitation principle |
| GDPR Art. 5(1)(c) | Data minimization | Excessive logging collects more data than necessary |
| EU Directive 2019/1937 | Whistleblower protection | Anonymous reporting channels must protect identity |
| HIPAA Privacy Rule | Minimum necessary standard | Access logs should record minimum necessary detail |
| CCPA 1798.105 | Right to delete | Users may request deletion of activity records |
Use finding ID prefix NREP (e.g., NREP-001, NREP-002).
All findings follow the schema in ../../shared/schemas/findings.md with:

references.cwe: CWE-779 (Logging of Excessive Data)
references.owasp: A09:2021 (Security Logging & Monitoring Failures -- excessive audit trail)
metadata.tool: "non-repudiation-privacy"
metadata.framework: "linddun"
metadata.category: "N"

Summary table after all findings:
| Non-Repudiation Pattern | Critical | High | Medium | Low |
|-----------------------------|----------|------|--------|-----|
| Blanket audit logging | | | | |
| Identity in sensitive logs | | | | |
| Mandatory signatures | | | | |
| Immutable action records | | | | |
| Session recording | | | | |
| Missing anonymous channels | | | | |
Followed by: top 3 priorities, sensitivity classification gaps, and overall assessment.
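As an added example (not part of the skill's own code), the --depth quick scan carried out in Python: the skill's grep patterns run over a constructed source sample, each match becomes a finding in the findings.md field layout with the NREP prefix and the references/metadata values listed above, a missing anonymous-channel pattern becomes its own finding, and the results are totalled into the summary-table rows. The sensitivity keyword list and the High/Medium/Low rule are assumptions made for the example.

```python
import re
# Grep patterns from the skill's --depth quick scan, keyed by the summary-table row each feeds.
THREAT_PATTERNS = {
    "Blanket audit logging": r"audit\.log|auditLog|audit_trail|AuditEvent|createAuditEntry|logActivity",
    "Identity in sensitive logs": r"log.*userId.*search|audit.*user.*query|record.*identity.*action",
    "Mandatory signatures": r"sign\(|createSignature|digitalSignature|crypto\.sign|jwt\.sign.*action",
    "Immutable action records": r"blockchain|immutable|append.only|ledger|write.*once|WORM",
    "Session recording": r"sessionRecording|screenCapture|fullStory|hotjar|mouseflow|session.replay",
}
ANON_CHANNEL = r"anonymous|pseudonym|whistleblow|report.*anonymous|tipline"
# Keywords marking an activity as sensitive (assumed here; the skill itself classifies by context).
SENSITIVE = re.compile(r"health|medical|search|whistleblow", re.I)

def finding(n, title, severity, location, snippet):
    """One finding in the findings.md layout, with the fixed references/metadata values."""
    return {
        "id": f"NREP-{n:03d}", "title": title, "severity": severity,
        "location": location, "snippet": snippet,
        "references": {"cwe": "CWE-779", "owasp": "A09:2021", "linddun": "N"},
        "metadata": {"tool": "non-repudiation-privacy", "framework": "linddun", "category": "N"},
    }

def scan(path, source):
    """Quick-depth scan of one file: a finding per (line, pattern) match, High when the line is sensitive."""
    findings, has_anon = [], False
    for lineno, line in enumerate(source.splitlines(), 1):
        has_anon = has_anon or re.search(ANON_CHANNEL, line) is not None
        for title, pattern in THREAT_PATTERNS.items():
            if re.search(pattern, line):
                sev = "High" if SENSITIVE.search(line) else "Medium"
                findings.append(finding(len(findings) + 1, title, sev, f"{path}:{lineno}", line.strip()))
    if not has_anon:  # actions are logged but no anonymous/pseudonymous path exists beside them
        findings.append(finding(len(findings) + 1, "Missing anonymous channels", "Low", path, ""))
    return findings

def summary(findings):
    """Counts per summary-table row and severity column."""
    rows = list(THREAT_PATTERNS) + ["Missing anonymous channels"]
    table = {r: {"Critical": 0, "High": 0, "Medium": 0, "Low": 0} for r in rows}
    for f in findings:
        table[f["title"]][f["severity"]] += 1
    return table

# Constructed sample source, not taken from any real project.
SAMPLE = """\
def search(user, query):
    audit_trail.append(AuditEvent(userId=user.id, action="search", query=query))
def seal(invoice, key):
    return crypto.sign(invoice, key)
recorder = sessionRecording.start(page)
"""
```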