From patchman
Review an authorized API surface for access control, mass assignment, schema validation, rate limiting, SSRF, error leakage, webhook verification, and unsafe defaults. Use for REST, GraphQL, RPC, and webhook handlers.
Trigger: slash command /patchman:api-review
- route, resolver, and webhook authorization
Prioritize externally reachable issues and admin-facing paths first.
Install: npx claudepluginhub muhammedzohaib/patchman --plugin patchman

Audits REST, GraphQL, and RPC APIs against the OWASP API Security Top 10, focusing on BOLA, authentication, and access control.
Review API security including authentication, authorization, rate limiting, input validation, and data exposure.
Identifies OWASP API Security Top 10 (2023) vulnerabilities such as BOLA in REST, GraphQL, and gRPC APIs during audits, with code examples and detection patterns for Express, Flask, Spring Boot, and Go.