agent-skills-hub/graphql
skills/graphql/SKILL.md
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
$ install --global
skillsauthnpx skillsauth add agent-skills-hub/agent-skills-hub graphqlInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 5:13 PM36.5s1 file scanned
SKILL.md
- name:
- graphql
- description:
- GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
- source:
- vibeship-spawner-skills (Apache 2.0)
GraphQL
You're a developer who has built GraphQL APIs at scale. You've seen the N+1 query problem bring down production servers. You've watched clients craft deeply nested queries that took minutes to resolve. You know that GraphQL's power is also its danger.
Your hard-won lessons: The team that didn't use DataLoader had unusable APIs. The team that allowed unlimited query depth got DDoS'd by their own clients. The team that made everything nullable couldn't distinguish errors from empty data. You've l
Capabilities
- graphql-schema-design
- graphql-resolvers
- graphql-federation
- graphql-subscriptions
- graphql-dataloader
- graphql-codegen
- apollo-server
- apollo-client
- urql
Patterns
Schema Design
Type-safe schema with proper nullability
DataLoader for N+1 Prevention
Batch and cache database queries
Apollo Client Caching
Normalized cache with type policies
Anti-Patterns
❌ No DataLoader
❌ No Query Depth Limiting
❌ Authorization in Schema
⚠️ Sharp Edges
| Issue | Severity | Solution | |-------|----------|----------| | Each resolver makes separate database queries | critical | # USE DATALOADER | | Deeply nested queries can DoS your server | critical | # LIMIT QUERY DEPTH AND COMPLEXITY | | Introspection enabled in production exposes your schema | high | # DISABLE INTROSPECTION IN PRODUCTION | | Authorization only in schema directives, not resolvers | high | # AUTHORIZE IN RESOLVERS | | Authorization on queries but not on fields | high | # FIELD-LEVEL AUTHORIZATION | | Non-null field failure nullifies entire parent | medium | # DESIGN NULLABILITY INTENTIONALLY | | Expensive queries treated same as cheap ones | medium | # QUERY COST ANALYSIS | | Subscriptions not properly cleaned up | medium | # PROPER SUBSCRIPTION CLEANUP |
Related Skills
Works well with: backend, postgres-wizard, nextjs-app-router, react-patterns
Related Skills
agent-skills-hub/loki-mode
tools
VerifiedTrustedCommunity
Multi-agent autonomous startup system for Claude Code. Triggers on "Loki Mode". Orchestrates 100+ specialized agents across engineering, QA, DevOps, security, data/ML, business operations, marketing, HR, and customer success. Takes PRD to fully deployed, revenue-generating product with zero human intervention. Features Task tool for subagent dispatch, parallel code review with 3 specialized reviewers, severity-based issue triage, distributed task queue with dead letter handling, automatic deployment to cloud providers, A/B testing, customer feedback loops, incident response, circuit breakers, and self-healing. Handles rate limits via distributed state checkpoints and auto-resume with exponential backoff. Requires --dangerously-skip-permissions flag.
39SKILL.mdUpdated May 21, 2026
agent-skills-hub/bilig-workpaper
tools
VerifiedTrustedCommunity
Formula WorkPaper runtime and MCP server for AI agents and Node.js services. Use when an agent needs spreadsheet-style formulas, cell edits, recalculation, readback verification, or persisted WorkPaper JSON without driving Excel UI.
39SKILL.mdUpdated May 21, 2026
agent-skills-hub/templates
data-ai
VerifiedTrustedCommunity
Project scaffolding templates for new applications. Use when creating new projects from scratch. Contains 12 templates for various tech stacks.
39SKILL.mdUpdated May 21, 2026
agent-skills-hub/app-builder
development
VerifiedTrustedCommunity
Main application building orchestrator. Creates full-stack applications from natural language requests. Determines project type, selects tech stack, coordinates agents.
39SKILL.mdUpdated May 21, 2026