From api-security
Assess a REST or GraphQL API against the OWASP API Security Top 10 (2023), producing a per-category finding set with severity and remediation. Use when reviewing or pentesting an API. Authorized testing only.
How this skill is triggered — by the user, by Claude, or both
Slash command
/api-security:owasp-api-top10
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
A structured assessment across the ten OWASP API categories, each with applicability, evidence, severity, and remediation.
reference.md):
API1 Broken Object Level Authorization (BOLA) · API2 Broken Authentication ·
API3 Broken Object Property Level Authorization (BOPLA) · API4 Unrestricted
Resource Consumption · API5 Broken Function Level Authorization (BFLA) ·
API6 Unrestricted Access to Sensitive Business Flows · API7 SSRF ·
API8 Security Misconfiguration · API9 Improper Inventory Management ·
API10 Unsafe Consumption of APIs.
api-authz-test.
security-reporting:cvss) and rank.
A per-category table (category · applicable? · finding · severity · remediation)
plus ranked top risks. Confirmed issues → security-reporting:finding.
Authorization failures (API1 BOLA, API5 BFLA, API3 BOPLA) dominate real-world API
breaches — test them directly, don't infer. Improper inventory (API9: shadow/zombie
endpoints, undocumented versions) is a common blind spot. Read reference.md.
npx claudepluginhub jassics/awesome-claude-security --plugin api-security