abhiunix/api-endpoint-scaffolder
skills/development/api-endpoint-scaffolder/SKILL.md
Scaffolds REST API endpoints with route handler, validation, error handling, and tests. Use when asked to create a new API endpoint or route.
$ install --global
skillsauthnpx skillsauth add abhiunix/community-registry api-endpoint-scaffolderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 9, 2026, 4:08 AM68.5s2 files scanned
SKILL.md
- name:
- api-endpoint-scaffolder
- description:
- Scaffolds REST API endpoints with route handler, validation, error handling, and tests. Use when asked to create a new API endpoint or route.
- license:
- MIT
- allowed-tools:
- Read Glob Grep Edit Write Bash
API Endpoint Scaffolder
When asked to create a new API endpoint, follow this process:
Step 1: Detect Framework
Read the project to determine the framework in use:
- Express/Fastify — look for
app.get(),router.post(),package.jsondeps - Next.js App Router — look for
app/api/directory - Next.js Pages Router — look for
pages/api/directory - Hono/Elysia — check
package.json
Match the existing patterns and conventions in the codebase.
Step 2: Scaffold the Endpoint
Generate these files for each endpoint:
Route Handler
- Parse and validate request body/params/query using Zod or the project's validation library
- Return proper HTTP status codes (200, 201, 400, 404, 500)
- Include error handling with descriptive messages
- Add TypeScript types for request and response
Validation Schema
import { z } from "zod";
export const createUserSchema = z.object({
name: z.string().min(1).max(100),
email: z.string().email(),
});
export type CreateUserInput = z.infer<typeof createUserSchema>;
Response Format
Always use a consistent response envelope:
{
"success": true,
"data": { ... }
}
{
"success": false,
"error": { "message": "...", "code": "VALIDATION_ERROR" }
}
Step 3: Add Tests
Create a test file covering:
- Happy path (valid request returns expected response)
- Validation errors (invalid input returns 400)
- Not found (missing resource returns 404)
- Authentication (if endpoint is protected)
Rules
- Never hardcode secrets or connection strings
- Always validate all user input before processing
- Use parameterized queries for database operations, never string concatenation
- Log errors but don't expose internal details to the client
- Follow the existing project conventions for file placement and naming
Related Skills
abhiunix/threat-model
development
VerifiedTrustedCommunity
Generate a STRIDE-based threat model from codebase and architecture analysis. Identifies assets, trust boundaries, data flows, threats, and mitigations. Language-agnostic.
1SKILL.mdUpdated Mar 27, 2026
abhiunix/security-audit
development
VerifiedTrustedCommunity
Run a comprehensive security audit against a codebase. Covers OWASP Top 10, secrets exposure, dependency vulnerabilities, misconfigurations, and insecure patterns. Language-agnostic.
1SKILL.mdUpdated Mar 27, 2026
abhiunix/secure-code-review
development
VerifiedTrustedCommunity
Security-focused code review for staged changes or specified files. Checks for injection, auth flaws, crypto misuse, data exposure, and insecure patterns. Works with any language.
1SKILL.mdUpdated Mar 27, 2026
abhiunix/trello
development
VerifiedTrustedCommunity
Manage Trello boards, lists, and cards via the Trello REST API.
1SKILL.mdUpdated Mar 27, 2026