alirezarezvani/api-documenter
skills/documentation/api-documenter/SKILL.md
Auto-generate API documentation from code and comments. Use when API endpoints change, or user mentions API docs. Creates OpenAPI/Swagger specs from code. Triggers on API file changes, documentation requests, endpoint additions.
$ install --global
skillsauthnpx skillsauth add alirezarezvani/claude-code-tresor api-documenterInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:21 PM1.8s1 file scanned
SKILL.md
- name:
- api-documenter
- description:
- Auto-generate API documentation from code and comments. Use when API endpoints change, or user mentions API docs. Creates OpenAPI/Swagger specs from code. Triggers on API file changes, documentation requests, endpoint additions.
- allowed-tools:
- Read, Write, Grep
API Documenter Skill
Auto-generate API documentation from code.
When I Activate
- ✅ API endpoints added/modified
- ✅ User mentions API docs, OpenAPI, or Swagger
- ✅ Route files changed
- ✅ Controller files modified
- ✅ Documentation needed
What I Generate
OpenAPI 3.0 Specifications
- Endpoint descriptions
- Request/response schemas
- Authentication requirements
- Example payloads
- Error responses
Formats Supported
- OpenAPI 3.0 (JSON/YAML)
- Swagger 2.0
- API Blueprint
- RAML
Examples
Express.js Endpoint
// You write:
/**
* Get user by ID
* @param {string} id - User ID
* @returns {User} User object
*/
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id);
res.json(user);
});
// I auto-generate OpenAPI spec:
paths:
/api/users/{id}:
get:
summary: Get user by ID
parameters:
- name: id
in: path
required: true
description: User ID
schema:
type: string
responses:
'200':
description: User found
content:
application/json:
schema:
$ref: '#/components/schemas/User'
example:
id: "123"
name: "John Doe"
email: "[email protected]"
'404':
description: User not found
FastAPI Endpoint
# You write:
@app.get("/users/{user_id}")
def get_user(user_id: int) -> User:
"""Get user by ID"""
return db.query(User).filter(User.id == user_id).first()
// I auto-generate:
paths:
/users/{user_id}:
get:
summary: Get user by ID
parameters:
- name: user_id
in: path
required: true
schema:
type: integer
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/User'
Complete OpenAPI Document
openapi: 3.0.0
info:
title: User API
version: 1.0.0
description: API for user management
servers:
- url: https://api.example.com/v1
paths:
/api/users:
get:
summary: List all users
responses:
'200':
description: Users array
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/User'
components:
schemas:
User:
type: object
properties:
id:
type: string
name:
type: string
email:
type: string
format: email
Detection Logic
Framework Detection
I recognize these frameworks automatically:
- Express.js (Node.js)
- FastAPI (Python)
- Django REST (Python)
- Spring Boot (Java)
- Gin (Go)
- Rails (Ruby)
Comment Parsing
I extract documentation from:
- JSDoc comments (
/** */) - Python docstrings
- JavaDoc
- Inline comments with decorators
Documentation Enhancement
Missing Information
// Your code:
app.post('/api/users', (req, res) => {
User.create(req.body);
});
// I suggest additions:
/**
* Create new user
* @param {Object} req.body - User data
* @param {string} req.body.name - User name (required)
* @param {string} req.body.email - User email (required)
* @returns {User} Created user
* @throws {400} Invalid input
* @throws {409} Email already exists
*/
Example Generation
I generate realistic examples:
{
"id": "usr_1234567890",
"name": "John Doe",
"email": "[email protected]",
"createdAt": "2025-10-24T10:30:00Z",
"verified": true
}
Relationship with @docs-writer
Me (Skill): Auto-generate API specs from code @docs-writer (Sub-Agent): Comprehensive user guides and tutorials
Workflow
- I generate OpenAPI spec
- You need user guide → Invoke @docs-writer sub-agent
- Sub-agent creates complete documentation site
Integration
With Swagger UI
// app.js
const swaggerUi = require('swagger-ui-express');
const spec = require('./openapi.json'); // Generated by skill
app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(spec));
With Postman
Export generated OpenAPI spec:
# Import into Postman for API testing
File → Import → openapi.json
With Documentation Sites
- Docusaurus: API docs plugin
- MkDocs: OpenAPI plugin
- Redoc: OpenAPI renderer
- Stoplight: API design platform
Customization
Add company-specific documentation standards:
cp -r ~/.claude/skills/documentation/api-documenter \
~/.claude/skills/documentation/company-api-documenter
# Edit to add:
# - Company API standards
# - Custom response formats
# - Internal schemas
Sandboxing Compatibility
Works without sandboxing: ✅ Yes Works with sandboxing: ✅ Yes
- Filesystem: Writes OpenAPI files
- Network: None required
- Configuration: None required
Best Practices
- Keep comments updated - Documentation follows code
- Use type hints - TypeScript, Python types help
- Include examples - Real-world request/response
- Document errors - All possible error responses
- Version your API - Include version in endpoints
Related Tools
- @docs-writer sub-agent: User guides and tutorials
- readme-updater skill: Keep README current
- /docs-gen command: Full documentation generation
Related Skills
alirezarezvani/security-auditor
development
VerifiedTrustedCommunity
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
662SKILL.mdUpdated Apr 3, 2026
alirezarezvani/secret-scanner
development
VerifiedTrustedCommunity
Detect exposed secrets, API keys, credentials, and tokens in code. Use before commits, on file saves, or when security is mentioned. Prevents accidental secret exposure. Triggers on file changes, git commits, security checks, .env file modifications.
662SKILL.mdUpdated Apr 3, 2026
alirezarezvani/dependency-auditor
testing
VerifiedTrustedCommunity
Check dependencies for known vulnerabilities using npm audit, pip-audit, etc. Use when package.json or requirements.txt changes, or before deployments. Alerts on vulnerable dependencies. Triggers on dependency file changes, deployment prep, security mentions.
662SKILL.mdUpdated Apr 3, 2026
alirezarezvani/readme-updater
development
VerifiedTrustedCommunity
Keep README files current with project changes. Use when project structure changes, features added, or setup instructions modified. Suggests README updates based on code changes. Triggers on significant project changes, new features, dependency changes.
662SKILL.mdUpdated Apr 3, 2026