UhdyIndy/api-security
skills/api-security/SKILL.md
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
development
Updated Apr 23, 2026
$ install --global
skillsauthnpx skillsauth add UhdyIndy/antigravity-awesome-skills api-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 9:55 PM143.8s1 file scanned
SKILL.md
- name:
- api-security
- description:
- API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
API Security
Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.
Techniques
| Type | Key Vectors | |------|-------------| | GraphQL | Introspection, batching attacks, nested query DoS, field suggestion | | REST API | BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning | | WebSocket | Cross-site hijacking, message manipulation, auth flaws | | Web-LLM | Prompt injection via API, excessive agency, data exfiltration |
Workflow
- Discover API endpoints and documentation (Swagger, GraphQL schema)
- Map authentication and authorization mechanisms
- Test per API type using appropriate techniques
- Validate data exposure and access control flaws
- Capture evidence with HTTP request/response logs
Reference
reference/graphql*.md- GraphQL attack techniques and labsreference/api-testing*.md- REST API security testing guidereference/websockets*.md- WebSocket vulnerability testingreference/web-llm*.md- Web-LLM attack techniques and labs
Related Skills
UhdyIndy/azure-keyvault-keys-rust
tools
VerifiedTrustedCommunity
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-keyvault-certificates-rust
development
VerifiedTrustedCommunity
Azure Key Vault Certificates SDK for Rust. Use for creating, importing, and managing certificates.
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-identity-ts
devops
VerifiedTrustedCommunity
Authenticate to Azure services with various credential types.
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-identity-rust
tools
VerifiedTrustedCommunity
Azure Identity SDK for Rust authentication. Use for DeveloperToolsCredential, ManagedIdentityCredential, ClientSecretCredential, and token-based authentication.
SKILL.mdUpdated Apr 24, 2026