Spooonky you could write this as a controller in a custom local Flarum extension. Then you can use the Flarum built-in method to retrieve the user from the request, and then check if the user has a given permission.
Doing this outside of the Flarum extension API will be complicated, as you will have to write all of the logic to connect to the database and retrieve the information you need. The Flarum extension API makes all of this relatively easy.
If it really needs to run in an external script, the next best thing might be to perform a request to the Flarum REST API. But if you're working from the cookie you won't have access to the user ID without first retrieving the access token, and I don't think that part is exposed through the REST API.