idor (bug-bounty-harness community skill for Claude Code)

v1.0.0

About this Skill

Recommended scenario: Ideal for AI agents that need to test for insecure direct object reference vulnerabilities. Localized summary: IDOR Testing. Test for Insecure Direct Object Reference vulnerabilities. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Features

Test for Insecure Direct Object Reference vulnerabilities.
Required Preflight
Read shared state in this order before testing:
notes/observations.md
checklist.md (IDOR items only)

ghostonbutterbread
Updated: 4/8/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 10/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

  • Original recommendation layer
  • Concrete use-case guidance
  • Explicit limitations and caution
  • Quality floor passed for review

Review Score: 10/11
Quality Score: 52
Canonical Locale: en
Detected Body Locale: en

Why use this skill?

Recommendation: idor helps agents test for insecure direct object reference vulnerabilities. IDOR Testing: Test for Insecure Direct Object Reference vulnerabilities. This AI agent skill supports Claude Code, Cursor, and

Best for

Recommended scenario: Ideal for AI agents that need to test for insecure direct object reference vulnerabilities.

Actionable use cases for idor

Use case: Applying Test for Insecure Direct Object Reference vulnerabilities
Use case: Applying Required Preflight
Use case: Applying Read shared state in this order before testing:

Security and limitations

  • Limitation: checklist.md (IDOR items only)
  • Limitation: todo.md (IDOR items only)
  • Limitation: --quiet, -q Show hits only

FAQ & Installation Steps

Frequently Asked Questions

What is idor?

Recommended scenario: Ideal for AI agents that need to test for insecure direct object reference vulnerabilities. Localized summary: IDOR Testing. Test for Insecure Direct Object Reference vulnerabilities. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

How do I install idor?

Run the command: npx killer-skills add ghostonbutterbread/bug-bounty-harness/idor. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for idor?

Key use cases include: applying Test for Insecure Direct Object Reference vulnerabilities; applying Required Preflight; applying Read shared state in this order before testing.

Which IDEs are compatible with idor?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for idor?

Limitation: checklist.md (IDOR items only). Limitation: todo.md (IDOR items only). Limitation: --quiet, -q Show hits only.

How To Install

  1. Open your terminal

    Open the terminal or command line in your project directory.

  2. Run the install command

    Run: npx killer-skills add ghostonbutterbread/bug-bounty-harness/idor. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. Start using the skill

    The skill is now active. Your AI agent can use idor immediately in the current project.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

idor

SKILL.md

IDOR Testing

Test for Insecure Direct Object Reference vulnerabilities.

Required Preflight

Read shared state in this order before testing:

  1. notes/summary.md
  2. notes/observations.md
  3. checklist.md (IDOR items only)
  4. todo.md (IDOR items only)

Primary Harness

Use agents/bypass_harness.py in --type idor mode for first-pass ID swapping and header-trick coverage. Expand manually for multi-step workflows, write actions, and role-bound objects once you identify a promising reference.

```bash
python agents/bypass_harness.py --target https://target.com/api/v1/orders/123 \
  --type idor --program target --concurrency 5 --rps 2
```

Mode Matrix

| Mode | Use When | What It Tests |
| --- | --- | --- |
| horizontal-read | One user can see another user's object | Read access control on object fetches |
| horizontal-write | Mutable resources exist | Update or delete authorization on peer objects |
| vertical | Admin or privileged resources are exposed via IDs | Role boundary enforcement |
| workflow | IDs appear across multi-step flows | Ownership checks at each transition |
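
What the four modes probe, seen from the server side: an added example (not code from the harness or its repository) of an object-level authorization check with one rule per row of the matrix. The `User`, `Order`, `authorize` and `fetch_order` names, the roles, the action names and the workflow states are all assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed data model for illustration; none of these names come from the harness.
@dataclass(frozen=True)
class User:
    id: int
    role: str            # "customer" or "admin"

@dataclass
class Order:
    id: int
    owner_id: int
    state: str = "cart"  # cart -> submitted -> paid

# Legal workflow transitions (the "workflow" row), checked on every step of a flow.
TRANSITIONS = {("cart", "submitted"), ("submitted", "paid")}
ADMIN_ACTIONS = {"refund", "export"}   # the "vertical" row

def authorize(user: User, action: str, order: Order, new_state: str | None = None) -> bool:
    """Return True only if `user` may perform `action` on `order`."""
    # vertical: privileged actions depend on role, never on knowing the ID.
    if action in ADMIN_ACTIONS:
        return user.role == "admin"
    if action not in {"read", "update", "delete", "advance"}:
        return False                       # default deny for unknown actions
    # horizontal-read / horizontal-write: the object must belong to the caller.
    if order.owner_id != user.id and user.role != "admin":
        return False
    # workflow: ownership was re-checked above for this step, and the
    # transition itself must be legal from the order's current state.
    if action == "advance":
        return (order.state, new_state) in TRANSITIONS
    return True

def fetch_order(user: User, order_id: int, store: dict[int, Order]) -> Order | None:
    """Object fetch that gives the same result for 'missing' and 'not yours'."""
    order = store.get(order_id)
    if order is None or not authorize(user, "read", order):
        return None                        # caller maps this to a single 404
    return order

# Constructed sample store: order 123 belongs to user 1, order 124 to user 2.
STORE = {123: Order(123, owner_id=1), 124: Order(124, owner_id=2, state="submitted")}
ALICE, BOB, ADMIN = User(1, "customer"), User(2, "customer"), User(9, "admin")
```

A finding in any mode corresponds to one of these branches being absent or evaluated against client-supplied data instead of the session identity.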

Primary Commands

```bash
# Path-based ID swapping
python agents/bypass_harness.py --target https://target.com/api/v1/orders/123 \
  --type idor --program target --concurrency 5 --rps 2

# Query-parameter ID swapping (URL quoted so the shell does not treat ? as a glob)
python agents/bypass_harness.py --target 'https://target.com/api/v1/order?id=123' \
  --type idor --program target --concurrency 5 --rps 2
```

CLI Notes

agents/bypass_harness.py

| Option | Description |
| --- | --- |
| --target, -t | Target URL (required) |
| --type, -T | Use idor |
| --program | Program name for shared storage |
| --output-dir, -o | Override raw artifact directory |
| --timeout | Request timeout in seconds |
| --concurrency, -c | Max parallel requests |
| --rps | Requests per second |
| --verbose, -v | Verbose debug output |
| --quiet, -q | Show hits only |

Files

  • Playbook: $HARNESS_ROOT/prompts/idor-playbook.md
  • Shared Root: $HARNESS_SHARED_BASE/{program}/agent_shared/
  • IDOR Findings: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/idor/findings.md
  • Bypass Artifacts: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/bypass/

Workflow

  1. Complete the required preflight reads in shared state order.
  2. Read prompts/idor-playbook.md.
  3. Run agents/bypass_harness.py in --type idor mode for first-pass coverage.
  4. Confirm promising cases manually with baseline captures and multi-account comparison.
  5. Write findings to agent_shared/findings/idor/findings.md.
  6. Update IDOR entries in checklist.md, todo.md, and relevant notes.
