Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

andretauan/tao-api-design

Name: tao-api-design
Author: andretauan

skills/en/tao-api-design/SKILL.md

npx skillsauth add andretauan/tao tao-api-design

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

TAO API Design Guide

When to use

Use when designing REST APIs, defining endpoint contracts, or reviewing API consistency.

URL Convention

GET    /api/v1/users          # List (collection)
POST   /api/v1/users          # Create
GET    /api/v1/users/:id      # Read (single)
PUT    /api/v1/users/:id      # Full update
PATCH  /api/v1/users/:id      # Partial update
DELETE /api/v1/users/:id      # Delete
GET    /api/v1/users/:id/orders  # Nested resource

Rules:

Nouns (plural), not verbs: /users, NOT /getUsers
Lowercase, hyphens: /order-items, NOT /orderItems
No trailing slashes
No file extensions in URLs

HTTP Status Codes

| Code | When | |------|------| | 200 | Success (GET, PUT, PATCH) | | 201 | Created (POST) | | 204 | No Content (DELETE) | | 400 | Bad request (validation error) | | 401 | Unauthorized (no/invalid auth) | | 403 | Forbidden (auth OK, no permission) | | 404 | Not found | | 409 | Conflict (duplicate) | | 422 | Unprocessable entity (semantic error) | | 429 | Too many requests (rate limit) | | 500 | Internal server error |

Error Response Format

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email is required",
    "details": [
      { "field": "email", "issue": "required" }
    ]
  }
}

Pagination

GET /api/v1/users?page=2&per_page=20

Response headers:
X-Total-Count: 150
Link: <...?page=3>; rel="next", <...?page=1>; rel="prev"

Response body:
{
  "data": [...],
  "meta": { "page": 2, "per_page": 20, "total": 150, "pages": 8 }
}

Filtering, Sorting, Search

GET /api/v1/users?status=active&role=admin    # Filter
GET /api/v1/users?sort=-created_at,name       # Sort (- = desc)
GET /api/v1/users?q=john                      # Search

Versioning

URL path: /api/v1/users (recommended)
Header: Accept: application/vnd.api+json;version=1
Never break existing clients — add, don't change

Security Checklist

[ ] Authentication on all non-public endpoints
[ ] Rate limiting per client/IP
[ ] Input validation + sanitization
[ ] No sensitive data in URLs (use body/headers)
[ ] CORS configured correctly

andretauan/tao-api-design

skills/en/tao-api-design/SKILL.md

RESTful API design conventions including endpoint naming, HTTP methods, status codes, pagination, error handling, and versioning patterns. Use when designing APIs, creating endpoints, or reviewing API contracts.

18 stars

development

Updated Apr 23, 2026

$ install --global

skillsauth

npx skillsauth add andretauan/tao tao-api-design

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 2:26 PM175.3s1 file scanned

SKILL.md

name:: tao-api-design
description:: RESTful API design conventions including endpoint naming, HTTP methods, status codes, pagination, error handling, and versioning patterns. Use when designing APIs, creating endpoints, or reviewing API contracts.
user-invocable:: false

TAO API Design Guide

When to use

Use when designing REST APIs, defining endpoint contracts, or reviewing API consistency.

URL Convention

GET    /api/v1/users          # List (collection)
POST   /api/v1/users          # Create
GET    /api/v1/users/:id      # Read (single)
PUT    /api/v1/users/:id      # Full update
PATCH  /api/v1/users/:id      # Partial update
DELETE /api/v1/users/:id      # Delete
GET    /api/v1/users/:id/orders  # Nested resource

Rules:

Nouns (plural), not verbs: /users, NOT /getUsers
Lowercase, hyphens: /order-items, NOT /orderItems
No trailing slashes
No file extensions in URLs

HTTP Status Codes

Error Response Format

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email is required",
    "details": [
      { "field": "email", "issue": "required" }
    ]
  }
}

Pagination

GET /api/v1/users?page=2&per_page=20

Response headers:
X-Total-Count: 150
Link: <...?page=3>; rel="next", <...?page=1>; rel="prev"

Response body:
{
  "data": [...],
  "meta": { "page": 2, "per_page": 20, "total": 150, "pages": 8 }
}

Filtering, Sorting, Search

GET /api/v1/users?status=active&role=admin    # Filter
GET /api/v1/users?sort=-created_at,name       # Sort (- = desc)
GET /api/v1/users?q=john                      # Search

Versioning

URL path: /api/v1/users (recommended)
Header: Accept: application/vnd.api+json;version=1
Never break existing clients — add, don't change

Security Checklist

[ ] Authentication on all non-public endpoints
[ ] Rate limiting per client/IP
[ ] Input validation + sanitization
[ ] No sensitive data in URLs (use body/headers)
[ ] CORS configured correctly

Related Skills

andretauan/tao-test-strategy

testing

VerifiedTrustedCommunity

Estratégia de pirâmide de testes com análise de cobertura, identificação de edge cases e planejamento de testes. Use ao planejar testes, melhorar cobertura, identificar edge cases ou escrever especificações de teste.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-test-strategy

andretauan/tao-security-audit

development

VerifiedTrustedCommunity

Auditoria de segurança alinhada ao OWASP Top 10 com checklist para injection, XSS, autenticação, autorização, gestão de secrets e vulnerabilidades comuns. Use ao auditar segurança, revisar código de auth ou hardening de aplicação.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-security-audit

andretauan/tao-refactoring

development

VerifiedTrustedCommunity

Metodologia de refatoração segura com detecção de code smells, transformação passo-a-passo e prevenção de regressão. Use ao refatorar código, reduzir dívida técnica ou melhorar estrutura.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-refactoring

andretauan/tao-plan-writing

testing

VerifiedTrustedCommunity

Decomposição expert de tarefas para criar PLAN.md no TAO. Quebra features em fases e tarefas com critérios de aceite, estimativas e dependências. Use ao planejar trabalho, criar fases ou decompor features.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-plan-writing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/andretauan/tao.git

# Copy into Claude Code skills folder (global)
cp -r tao/skills/en/tao-api-design ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

andretauan/tao

18 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT