diff --git a/.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md b/.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md
index 4434184..e16267c 100644
--- a/.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md
+++ b/.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md
@@ -33,6 +33,7 @@ Fortlaufend gemäß `ACCESS_LAYER_AND_GOVERNANCE_PLAN.md` Stufe A–C.
 | skills | `/api/skills*` | nein (global) | `require_auth` | je Endpoint | EXEMPT |
 | maturity_models | Admin-Matrix | nein (global) | `require_auth` | Admin für Schreiben; `GET …/{id}` nur Portal-Admin | EXEMPT |
 | matrix_stack_bundle | Export/Import Bundles | Plattform/Test | `require_auth` | Admin | EXEMPT |
+| matrix_editor | `/api/admin/matrix-editor/*` (Export/Import Editor-Bundle) | Plattform | `require_auth` | nur `superadmin` | EXEMPT; globale Fähigkeitsmatrix ohne Mandantenkontext |
 | import_wiki / import_wiki_admin | Wiki-Import | Werkzeug | `require_auth`/Admin | Admin | EXEMPT |
 | ai_skill_retrieval_admin | `/api/admin/ai-skill-retrieval-profiles*` (CRUD) | Plattform | `require_auth` | nur `superadmin`; JSON `config` | EXEMPT wie `admin_users`; kein Vereinsbezug |
 | ai_prompts_admin | `/api/admin/ai-prompts*` (Liste, Detail, PUT, Preview, Reset) | Plattform | `require_auth` | nur `superadmin` | EXEMPT; globale `ai_prompts` ohne Mandantenkontext |
diff --git a/backend/routers/matrix_editor.py b/backend/routers/matrix_editor.py
index 88eef21..40e203f 100644
--- a/backend/routers/matrix_editor.py
+++ b/backend/routers/matrix_editor.py
@@ -5,6 +5,7 @@ Fokus: Beschreibungen und Gewichtungen (skills.importance, model_skills.relevanc
 skill_level_definitions, model_skill_levels) — flaches, bearbeitbares Format.
 
 Kein Vereinsbezug — require_auth + is_superadmin; kein TenantContext.
+# ACCESS_LAYER exempt: Plattform-Superadmin-Tool; globale Fähigkeitsmatrix ohne Mandantenkontext
 """
 
 from __future__ import annotations
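Review bot: The added `# ACCESS_LAYER exempt:` line in `backend/routers/matrix_editor.py` sits inside the module docstring (the closing `"""` follows it), so it is docstring text rather than a comment and ends up in `__doc__`. If the hint checker scans raw file text the marker presumably still matches, but that is not visible in this diff. Placing `# ACCESS_LAYER exempt: Plattform-Superadmin-Tool; globale Fähigkeitsmatrix ohne Mandantenkontext` as a real comment directly after the closing `"""` would keep the module description clean and the marker unambiguous. The marker only states the superadmin restriction; the `is_superadmin` check on the export and import routes lies outside this hunk and should be confirmed per route.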
diff --git a/backend/scripts/check_access_layer_hints.py b/backend/scripts/check_access_layer_hints.py
index 27c5015..9c40fe4 100644
--- a/backend/scripts/check_access_layer_hints.py
+++ b/backend/scripts/check_access_layer_hints.py
@@ -29,6 +29,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset(
 "skills.py",
 "maturity_models.py",
 "matrix_stack_bundle.py",
+ "matrix_editor.py", # Superadmin Editor-Export/Import Fähigkeitsmatrix; require_auth + is_superadmin — kein Vereinsmandant
 "import_wiki.py",
 "import_wiki_admin.py",
 }
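Review bot: Adding `"matrix_editor.py"` to `EXEMPT_ROUTERS` takes this router out of the access-layer hint check, so nothing automated confirms that its export and import endpoints stay superadmin-only; the inline `require_auth + is_superadmin` remark is documentation, not enforcement. Because the import route presumably writes the global capability matrix, the exemption should be backed by a regression test that calls each `/api/admin/matrix-editor/*` route as an authenticated non-superadmin and expects a rejection. The entry is a bare filename, so if the script compares basenames (not shown here) a same-named router in another directory would inherit the exemption. I would extend the comment to name the guard, e.g. `# exempt: every route must depend on the superadmin check; covered by <test name placeholder>`. The `frozenset(` literal opens above this hunk and its closing parenthesis lies below it.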