CenredJun/api-architect
skills/api-architect/SKILL.md
Expert API designer for REST, GraphQL, gRPC architectures. Activate on: API design, REST API, GraphQL schema, gRPC service, OpenAPI, Swagger, API versioning, endpoint design, rate limiting, OAuth flow. NOT for: database schema (use data-pipeline-engineer), frontend consumption (use web-design-expert), deployment (use devops-automator).
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add CenredJun/openclaw-claudecode-setup-kit api-architectInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:54 PM1.9s1 file scanned
SKILL.md
- name:
- api-architect
- description:
- Expert API designer for REST, GraphQL, gRPC architectures. Activate on: API design, REST API, GraphQL schema, gRPC service, OpenAPI, Swagger, API versioning, endpoint design, rate limiting,
- OAuth flow. NOT for:
- database schema (use data-pipeline-engineer), frontend consumption (use web-design-expert), deployment (use devops-automator).
- allowed-tools:
- Read,Write,Edit,Bash(npm:*,npx:*,openapi-generator:*)
- category:
- Code Quality & Testing
- - skill:
- devops-automator
- reason:
- Deployment and infrastructure for APIs
API Architect
Expert API designer specializing in REST, GraphQL, gRPC, and WebSocket architectures.
Activation Triggers
Activate on: "API design", "REST API", "GraphQL schema", "gRPC service", "OpenAPI", "Swagger", "API versioning", "endpoint design", "rate limiting", "OAuth flow", "API gateway"
NOT for: Database schema → data-pipeline-engineer | Frontend consumption → web-design-expert | Deployment → devops-automator
Quick Start
- Define API contract first (API-first design)
- Choose paradigm: REST for CRUD, GraphQL for flexible queries, gRPC for internal services
- Write the spec: OpenAPI for REST, SDL for GraphQL, .proto for gRPC
- Design error responses with consistent structure
- Plan versioning before your first release
Core Capabilities
| Domain | Technologies | |--------|-------------| | REST | OpenAPI 3.1, HATEOAS, Pagination | | GraphQL | SDL, Relay, DataLoader, Federation | | gRPC | Protocol Buffers, Streaming patterns | | Security | OAuth 2.0, JWT, API Keys, RBAC | | DX | Swagger UI, SDK generation, Sandboxes |
Architecture Patterns
API-First Development
Design Contract → Generate Stubs → Implement → Test Against Spec
Response Envelope
success: { data: <resource>, meta: { page, total } }
error: { error: { code, message, details: [{ field, issue }] } }
Versioning Options
- URL:
/v1/users(most explicit) - Header:
Accept: application/vnd.api+json;version=1 - Query:
/users?version=1
Reference Files
Full working examples in ./references/:
| File | Description | Lines |
|------|-------------|-------|
| openapi-spec.yaml | Complete OpenAPI 3.1 spec | 162 |
| graphql-schema.graphql | GraphQL with Relay connections | 111 |
| grpc-service.proto | Protocol Buffer, all streaming | 95 |
| rate-limiting.yaml | Tier-based rate limit config | 85 |
| api-security.yaml | Auth, CORS, security headers | 130 |
Anti-Patterns (AVOID These)
1. Verb-Based URLs
Symptom: /getUsers, /createOrder, /deleteProduct
Fix: Use nouns (/users, /orders), let HTTP methods convey action
2. Inconsistent Response Envelopes
Symptom: {data: [...]} sometimes, raw arrays other times
Fix: Always use consistent envelope structure
3. Breaking Changes Without Versioning
Symptom: Removing fields, changing types without warning Fix: Semantic versioning, deprecation headers, sunset periods
4. N+1 in GraphQL
Symptom: Resolver queries database per item in list
Fix: DataLoader pattern for batching, @defer for large payloads
5. Over-fetching REST Endpoints
Symptom: /users returns 50 fields when clients need 3
Fix: Sparse fieldsets (?fields=id,name,email) or GraphQL
6. Missing Pagination
Symptom: List endpoints return all records
Fix: Default limits, cursor-based pagination, hasMore indicator
7. No Idempotency Keys
Symptom: Duplicate POST requests create duplicate resources
Fix: Accept Idempotency-Key header, return cached response
8. Leaky Internal Errors
Symptom: Stack traces, SQL errors exposed in 500 responses Fix: Generic error messages in production, request IDs for debugging
9. Missing CORS Configuration
Symptom: Browser clients blocked with CORS errors Fix: Configure allowed origins, methods, headers explicitly
10. No Rate Limiting
Symptom: API vulnerable to abuse, no usage visibility
Fix: Implement limits per tier, return X-RateLimit-* headers
Validation Script
Run ./scripts/validate-api-spec.sh to check:
- OpenAPI specs for versions, security schemes, operationIds
- GraphQL schemas for Query types, pagination, error handling
- Protocol Buffers for syntax, packages, field numbers
- Common issues like hardcoded URLs, missing versioning
Quality Checklist
[ ] All endpoints use nouns, not verbs
[ ] Consistent response envelope structure
[ ] Error responses include codes and actionable messages
[ ] Pagination on all list endpoints
[ ] Authentication/authorization documented
[ ] Rate limit headers defined
[ ] Versioning strategy documented
[ ] CORS configured for known origins
[ ] Idempotency keys for mutating operations
[ ] OpenAPI spec validates without errors
[ ] SDK generation tested
[ ] Examples for all request/response types
Output Artifacts
- OpenAPI Specifications - Complete API contracts
- GraphQL Schemas - Type definitions with connections
- Protocol Buffers - gRPC service definitions
- API Documentation - Developer guides
- SDK Examples - Client code samples
- Postman Collections - API test suites
Tools Available
Read,Write,Edit- File operations for specsBash(npm:*, npx:*)- OpenAPI linting, code generationBash(openapi-generator:*)- SDK generation
Related Skills
CenredJun/deep-research
development
VerifiedTrustedCommunity
Execute autonomous multi-step research using Google Gemini Deep Research Agent. Use for: market analysis, competitive landscaping, literature reviews, technical research, due diligence. Takes 2-10 ...
SKILL.mdUpdated Apr 16, 2026
CenredJun/cost-optimizer
testing
VerifiedTrustedCommunity
Tracks cumulative LLM costs across DAG execution and makes real-time decisions to stay within budget. Downgrades models, skips optional nodes, or stops early when cost exceeds thresholds. Use when managing execution budgets, analyzing cost breakdowns, or optimizing model routing for cost. Activate on "cost budget", "too expensive", "reduce cost", "cost optimization", "model downgrade", "budget exceeded". NOT for LLM model selection logic (use llm-router), pricing comparisons across providers, or billing/invoicing.
SKILL.mdUpdated Apr 16, 2026
CenredJun/copywriting
development
VerifiedTrustedCommunity
When the user wants to write, rewrite, or improve marketing copy for any page — including homepage, landing pages, pricing pages, feature pages, about pages, or product pages. Also use when the user says "write copy for," "improve this copy," "rewrite this page," "marketing copy," "headline help," "CTA copy," "value proposition," "tagline," "subheadline," "hero section copy," "above the fold," "this copy is weak," "make this more compelling," or "help me describe my product." Use this whenever someone is working on website text that needs to persuade or convert. For email copy, see email-sequence. For popup copy, see popup-cro. For editing existing copy, see copy-editing.
SKILL.mdUpdated Apr 16, 2026
CenredJun/content-marketer
testing
VerifiedTrustedCommunity
Elite content marketing strategist specializing in AI-powered content creation, omnichannel distribution, SEO optimization, and data-driven performance marketing.
SKILL.mdUpdated Apr 16, 2026