From communitytools
Tests API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and Web-LLM APIs. Covers introspection, BOLA/IDOR, rate limiting, auth bypass, cross-site hijacking, and prompt injection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/communitytools:api-security
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.
reference/INDEX.md
reference/api-security-principles.md
reference/graphql-resources.md
reference/owasp-api-top10-coverage.md
reference/scenarios/graphql/auth-bypass-and-injection.md
reference/scenarios/graphql/csrf-and-content-type.md
reference/scenarios/graphql/dos-and-batching.md
reference/scenarios/graphql/endpoint-discovery.md
reference/scenarios/graphql/idor-and-mass-enumeration.md
reference/scenarios/graphql/introspection-and-bypass.md
reference/scenarios/graphql/rate-limit-bypass.md
reference/scenarios/graphql/schema-reconstruction.md
reference/scenarios/mcp/inspector-stdio-rce.md
reference/scenarios/rest/api-recon-and-discovery.md
reference/scenarios/rest/content-type-confusion-xxe.md
reference/scenarios/rest/cors-misconfiguration.md
reference/scenarios/rest/exposed-documentation.md
reference/scenarios/rest/https-downgrade-redirect-hsts.md
reference/scenarios/rest/mass-assignment.md
reference/scenarios/rest/mattermost-slash-command-dialog-hijack.md
| Type | Key Vectors |
|---|---|
| GraphQL | Introspection, batching attacks, nested query DoS, field suggestion |
| REST API | BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning |
| WebSocket | Cross-site hijacking, message manipulation, auth flaws |
| Web-LLM | Prompt injection via API, excessive agency, data exfiltration |
reference/graphql*.md - GraphQL attack techniques and labs
reference/scenarios/rest/*.md - REST API security testing (BOLA/BOPLA, mass assignment, SSPP, content-type confusion)
reference/websockets*.md - WebSocket vulnerability testing
reference/web-llm*.md - Web-LLM attack techniques and labs
npx claudepluginhub transilienceai/communitytools
Guides API security testing for REST and GraphQL APIs, covering discovery, authentication, authorization, input validation, rate limiting, and error handling.
Conducts security testing of REST, GraphQL, and gRPC APIs using the OWASP API Security Top 10 framework. Tests authentication, authorization, rate limiting, input validation, and business logic vulnerabilities.