nickcrew/openapi-specification
skills/openapi-specification/SKILL.md
OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.
$ install --global
skillsauthnpx skillsauth add nickcrew/claude-cortex openapi-specificationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:29 PM4.4s2 files scanned
SKILL.md
- name:
- openapi-specification
- description:
- OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.
- tags:
- [openapi, swagger, api, documentation, rest]
OpenAPI Specification
Design, validate, and maintain OpenAPI 3.x specifications for REST API contracts. Covers schema patterns, security schemes, versioning, and code generation integration.
When to Use This Skill
- Creating a new OpenAPI specification from scratch
- Adding endpoints or schemas to an existing spec
- Reviewing or validating an API contract for correctness
- Setting up code generation from OpenAPI definitions
- Designing reusable schema components for large APIs
- Implementing security schemes in API specifications
- Managing API versioning and deprecation
Quick Reference
| Resource | Purpose | Load when |
|----------|---------|-----------|
| references/spec-patterns.md | Schema patterns, security schemes, validation, versioning, reusable components | Designing or reviewing specs |
Workflow
Phase 1: Design → Define API overview, resources, and operations
Phase 2: Schema → Build data models with reusable components
Phase 3: Validate → Lint and verify the spec for correctness
Phase 4: Integrate → Generate docs, SDKs, and contract tests
Phase 1: API Design
Start with a high-level design before writing the spec:
- Identify resources -- what nouns does this API expose?
- Map operations -- what CRUD and custom actions apply to each resource?
- Define relationships -- how do resources reference each other?
- Plan authentication -- what security schemes are needed?
- Set conventions -- naming style, pagination, error format
Spec Skeleton
openapi: 3.1.0
info:
title: [API Name]
version: 1.0.0
description: [What this API does]
paths:
/resources:
get:
summary: List resources
operationId: listResources
post:
summary: Create a resource
operationId: createResource
/resources/{id}:
get:
summary: Get a resource
operationId: getResource
components:
schemas: {}
securitySchemes: {}
Phase 2: Schema Design
Build data models using components/schemas for reuse:
- Use
$refto reference shared schemas -- never duplicate definitions - Apply
allOffor composition,oneOf/anyOffor polymorphism - Add
examplevalues to every schema and property - Use
requiredarrays explicitly -- don't rely on implicit behavior - Document nullable fields with
type: [string, "null"](3.1) ornullable: true(3.0)
Phase 3: Validate
Run validation before committing any spec changes:
# Spectral (recommended)
spectral lint openapi.yaml
# Redocly
redocly lint openapi.yaml
# swagger-cli
swagger-cli validate openapi.yaml
Common Validation Issues
| Issue | Fix |
|-------|-----|
| Missing operationId | Add unique operationId to every operation |
| Unused schema | Remove from components or add a $ref |
| Missing response description | Add description to every response code |
| Path parameter not in path | Match {param} in path with parameter definition |
| No 2xx response defined | Add at least one success response per operation |
Phase 4: Integrate
Use the validated spec to generate downstream artifacts:
- Documentation: Redoc, Swagger UI, Stoplight
- Client SDKs: openapi-generator, autorest, orval
- Server stubs: openapi-generator with server templates
- Contract tests: Schemathesis, Dredd, Prism
Quality Checklist
- [ ] All paths have operationIds
- [ ] HTTP methods match resource actions (GET reads, POST creates, etc.)
- [ ] Every response has a description and schema
- [ ] Security requirements defined at operation or global level
- [ ] Examples provided for request and response bodies
- [ ] Consistent naming conventions (camelCase, snake_case -- pick one)
- [ ] Deprecation fields set on sunset endpoints
- [ ] Spec passes linter with zero errors
Anti-Patterns
- Do not inline schemas -- use
$reftocomponents/schemasfor anything reused - Do not mix API versions in a single spec file
- Do not use
200 OKfor create operations -- use201 Created - Do not omit error response schemas -- document
4xxand5xxconsistently - Do not use
additionalProperties: truewithout clear justification
Related Skills
nickcrew/product-strategy
development
VerifiedTrustedCommunity
Product vision, roadmap development, and go-to-market execution with structured prioritization frameworks. Use when evaluating features, planning product direction, or assessing market fit.
15SKILL.mdUpdated Apr 7, 2026
nickcrew/agent-loops
development
VerifiedTrustedCommunity
Complete operational workflow for implementer agents (Codex, Gemini, etc.) making code changes and writing tests. Drives all work through atomic commits — each loop operates on the smallest complete, reviewable change. Defines the Code Change Loop, Test Writing Loop, Lint Gate, and Issue Filing process with circuit breakers, severity levels, and escalation rules. Requires `cortex git commit` for all commits. Includes bundled provider-aware review scripts that keep same-model shell-outs as the last resort, plus a fresh-context Codex fallback for code review and test audit. Use this skill when starting any implementation task.
15SKILL.mdUpdated Apr 7, 2026
nickcrew/product-manager
development
VerifiedTrustedCommunity
Use this skill when writing product requirements documents, prioritizing features, creating user stories, defining acceptance criteria, or setting product metrics. Trigger phrases: 'write a PRD for', 'prioritize this feature backlog', 'write user stories for', 'help me define acceptance criteria', 'what metrics should we track for'. Not for writing code, designing UI mockups, or conducting user research interviews.
13SKILL.mdUpdated Apr 7, 2026
nickcrew/playwright-cli
tools
VerifiedTrustedCommunity
Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
13SKILL.mdUpdated Apr 7, 2026