missing-authentication-anti-pattern

Missing or broken authentication occurs when applications fail to verify user identity, allowing unauthorized access to protected data and functionality. This manifests as unprotected endpoints, missing session checks, or weak credential verification vulnerable to bypass or brute-force. AI-generated code frequently produces insecure boilerplate with stubbed or missing authentication checks.

Never create endpoints accessing sensitive data or functionality without verifying user identity and validating active sessions.

身分驗證遺失或損壞的安全反模式 (CWE-287)。在產生或檢查登入系統、API 端點、受保護路由或存取控制的程式碼時使用。偵測未受保護的端點、弱密碼原則、缺少身份驗證速率限制。 來源：igbuend/grimbard。

開啟你的終端機或命令列工具（如 Terminal、iTerm、Windows Terminal 等） 複製並執行以下指令：npx skills add https://github.com/igbuend/grimbard --skill missing-authentication-anti-pattern 安裝完成後，技能將自動設定到你的 AI 程式設計環境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用