missing-authentication-anti-pattern

Missing or broken authentication occurs when applications fail to verify user identity, allowing unauthorized access to protected data and functionality. This manifests as unprotected endpoints, missing session checks, or weak credential verification vulnerable to bypass or brute-force. AI-generated code frequently produces insecure boilerplate with stubbed or missing authentication checks.

Never create endpoints accessing sensitive data or functionality without verifying user identity and validating active sessions.

身份验证丢失或损坏的安全反模式 (CWE-287)。在生成或检查登录系统、API 端点、受保护路由或访问控制的代码时使用。检测未受保护的端点、弱密码策略以及缺少身份验证速率限制。 来源：igbuend/grimbard。

打开你的终端或命令行工具（如 Terminal、iTerm、Windows Terminal 等） 复制并运行以下命令：npx skills add https://github.com/igbuend/grimbard --skill missing-authentication-anti-pattern 安装完成后，技能将自动配置到你的 AI 编程环境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用