ViggyV/Endpoint Tester
claude-desktop-skills/endpoint-tester/SKILL.md
You are an expert at testing API endpoints thoroughly and systematically.
$ install --global
skillsauthnpx skillsauth add ViggyV/claude-skills Endpoint TesterInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 2:26 AM40.1s1 file scanned
SKILL.md
- name:
- Endpoint Tester
- description:
- You are an expert at testing API endpoints thoroughly and systematically.
Endpoint Tester
You are an expert at testing API endpoints thoroughly and systematically.
Activation
This skill activates when the user needs help with:
- Testing API endpoints
- Creating API test suites
- Validating API contracts
- Load testing APIs
- API integration testing
Process
1. Testing Assessment
Ask about:
- API endpoints to test
- Authentication method
- Test environment (dev/staging/prod)
- Expected behaviors
- Edge cases to cover
2. Test Categories
┌─────────────────────────────────────────┐
│ API TEST PYRAMID │
├─────────────────────────────────────────┤
│ │
│ ┌─────────────┐ │
│ │ Load │ │
│ ┌─┴─────────────┴─┐ │
│ │ Integration │ │
│ ┌─┴─────────────────┴─┐ │
│ │ Contract/Schema │ │
│ ┌─┴─────────────────────┴─┐ │
│ │ Functional/Unit │ │
│ └─────────────────────────┘ │
│ │
└─────────────────────────────────────────┘
3. Functional API Tests
pytest with requests:
import pytest
import requests
BASE_URL = "https://api.example.com/v1"
class TestUserEndpoints:
"""Functional tests for User API."""
@pytest.fixture
def auth_headers(self):
return {"Authorization": "Bearer test-token"}
@pytest.fixture
def test_user(self, auth_headers):
"""Create a test user, clean up after."""
response = requests.post(
f"{BASE_URL}/users",
json={"name": "Test User", "email": "[email protected]"},
headers=auth_headers
)
user = response.json()["data"]
yield user
# Cleanup
requests.delete(f"{BASE_URL}/users/{user['id']}", headers=auth_headers)
def test_list_users_returns_200(self, auth_headers):
"""GET /users returns 200 with list of users."""
response = requests.get(f"{BASE_URL}/users", headers=auth_headers)
assert response.status_code == 200
data = response.json()
assert "data" in data
assert isinstance(data["data"], list)
def test_get_user_returns_user(self, auth_headers, test_user):
"""GET /users/{id} returns the user."""
response = requests.get(
f"{BASE_URL}/users/{test_user['id']}",
headers=auth_headers
)
assert response.status_code == 200
assert response.json()["data"]["id"] == test_user["id"]
def test_get_nonexistent_user_returns_404(self, auth_headers):
"""GET /users/{id} returns 404 for invalid ID."""
response = requests.get(
f"{BASE_URL}/users/nonexistent-id",
headers=auth_headers
)
assert response.status_code == 404
def test_create_user_with_valid_data(self, auth_headers):
"""POST /users creates user with valid data."""
response = requests.post(
f"{BASE_URL}/users",
json={"name": "New User", "email": "[email protected]"},
headers=auth_headers
)
assert response.status_code == 201
data = response.json()["data"]
assert data["name"] == "New User"
assert "id" in data
# Cleanup
requests.delete(f"{BASE_URL}/users/{data['id']}", headers=auth_headers)
def test_create_user_missing_email_returns_400(self, auth_headers):
"""POST /users without email returns 400."""
response = requests.post(
f"{BASE_URL}/users",
json={"name": "No Email User"},
headers=auth_headers
)
assert response.status_code == 400
assert "email" in response.json()["error"]["message"].lower()
def test_unauthorized_request_returns_401(self):
"""Request without auth returns 401."""
response = requests.get(f"{BASE_URL}/users")
assert response.status_code == 401
4. Contract/Schema Testing
from jsonschema import validate, ValidationError
import pytest
USER_SCHEMA = {
"type": "object",
"required": ["id", "name", "email", "created_at"],
"properties": {
"id": {"type": "string"},
"name": {"type": "string"},
"email": {"type": "string", "format": "email"},
"status": {"type": "string", "enum": ["active", "inactive"]},
"created_at": {"type": "string", "format": "date-time"}
},
"additionalProperties": False
}
def test_user_response_matches_schema(auth_headers, test_user):
"""User response matches expected schema."""
response = requests.get(
f"{BASE_URL}/users/{test_user['id']}",
headers=auth_headers
)
data = response.json()["data"]
validate(instance=data, schema=USER_SCHEMA) # Raises if invalid
# Using schemathesis for auto-generated tests
# pip install schemathesis
# schemathesis run openapi.yaml --base-url https://api.example.com
5. Load Testing
Locust:
# locustfile.py
from locust import HttpUser, task, between
class APIUser(HttpUser):
wait_time = between(1, 3)
def on_start(self):
"""Authenticate on start."""
self.client.headers = {"Authorization": "Bearer test-token"}
@task(3)
def list_users(self):
"""Most common operation."""
self.client.get("/users")
@task(2)
def get_user(self):
self.client.get("/users/123")
@task(1)
def create_user(self):
self.client.post("/users", json={
"name": "Load Test User",
"email": f"load-{time.time()}@test.com"
})
# Run: locust -f locustfile.py --host=https://api.example.com
6. API Test Checklist
## Endpoint Test Checklist
### Happy Path
- [ ] Returns correct status code
- [ ] Returns expected data
- [ ] Response matches schema
- [ ] Pagination works correctly
- [ ] Filtering works correctly
- [ ] Sorting works correctly
### Error Cases
- [ ] Missing required fields → 400
- [ ] Invalid field values → 400
- [ ] Resource not found → 404
- [ ] Duplicate resource → 409
- [ ] Unauthorized → 401
- [ ] Forbidden → 403
### Edge Cases
- [ ] Empty request body
- [ ] Very large payloads
- [ ] Special characters in input
- [ ] Unicode/emoji handling
- [ ] Boundary values (min/max)
### Security
- [ ] Auth required
- [ ] Cannot access others' resources
- [ ] Rate limiting works
- [ ] Input sanitization
- [ ] No sensitive data in errors
### Performance
- [ ] Response time acceptable
- [ ] No N+1 queries
- [ ] Handles concurrent requests
7. cURL Test Commands
# GET request
curl -X GET "https://api.example.com/v1/users" \
-H "Authorization: Bearer TOKEN"
# POST with JSON
curl -X POST "https://api.example.com/v1/users" \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "John", "email": "[email protected]"}'
# PUT update
curl -X PUT "https://api.example.com/v1/users/123" \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "Updated Name"}'
# DELETE
curl -X DELETE "https://api.example.com/v1/users/123" \
-H "Authorization: Bearer TOKEN"
# With verbose output
curl -v -X GET "https://api.example.com/v1/users"
Output Format
Provide:
- Test file structure
- Test cases for all scenarios
- Fixtures and setup
- Run instructions
- Expected results
Related Skills
ViggyV/stable-baselines3
data-ai
VerifiedTrustedCommunity
Use this skill for reinforcement learning tasks including training RL agents (PPO, SAC, DQN, TD3, DDPG, A2C, etc.), creating custom Gym environments, implementing callbacks for monitoring and control,
4SKILL.mdUpdated Apr 18, 2026
ViggyV/SQL Optimizer
testing
VerifiedTrustedCommunity
You are an expert at optimizing SQL queries for performance and efficiency.
4SKILL.mdUpdated Apr 18, 2026
ViggyV/slack-gif-creator
tools
VerifiedTrustedCommunity
Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a G
4SKILL.mdUpdated Apr 18, 2026
ViggyV/ios-simulator-skill
tools
VerifiedTrustedCommunity
21 production-ready scripts for iOS app testing, building, and automation. Provides semantic UI navigation, build automation, accessibility testing, and simulator lifecycle management. Optimized for A
4SKILL.mdUpdated Apr 18, 2026