API Security Testing

Trust Score 71/100

A structured workflow for testing REST and GraphQL APIs covering discovery, authentication, authorization, input validation, rate limiting, and error handling.

triggers:api securityapi testinggraphQL testingauthenticationauthorizationrate limiting

GitHub SKILL.md

What it does

Provides a step-by-step API security testing workflow for REST and GraphQL endpoints. Covers endpoint discovery, authentication and authorization checks, input validation and injection testing, rate-limiting verification, GraphQL-specific checks, and error-handling assessments.

When to use it

Use during security reviews, bug bounty engagements, pre-release API audits, or when validating authentication/authorization and rate-limiting controls. Good for auditors and security engineers who need a repeatable checklist-driven approach.

What's included

Scripts: none detected (has_scripts=false) — the skill references other specialized skills for fuzzing and scanning.
References: none detected (has_references=false)
Instructions: phased workflow (discovery, auth testing, authorization, input validation, rate limiting, GraphQL testing, error handling), copy-paste prompts to invoke related skills, and a security checklist and quality gates.

Compatible agents

Intended for agents that can orchestrate security tools and invoke auxiliary skills (fuzzers, scanners) — e.g., security-focused assistant stacks or orchestrators that support invoking external tooling.

Audit Summary

A workflow-bundle skill for API security testing covering REST and GraphQL. Contains no scripts — purely a structured checklist with copy-paste prompts that delegate to other skills. Safe but shallow; the instructions are high-level lists without concrete methodology or tooling.

Watch Out

Delegates all actual work to other skills — only useful if those referenced skills are installed
No executable scripts; purely a reference/guide skill

Notes

Typical workflow-bundle from awesome-skills-cn: frontmatter present, phases outlined, but essentially a glorified checklist. No security concerns. Low code quality because there is no code — just vague instructional steps.

Information

Repository: awesome-skills-cn
Stars: 101
Installs: 0

Trust Score

Overall71

Security95

Code Quality42

Architecture55

Usefulness55

More from awesome-skills-cn

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Ip2location IO Automation

Automates Ip2location IO workflows through Rube MCP: discover tools, manage connections, and execute schema-compliant operations.

Makepad Event/Action

Event and action handling patterns for Makepad widgets — guides handling Mouse/Touch/Keyboard events, Hit detection, action emission and parent capture.

Obsidian CLI (vault & plugin ops)

Command-line reference and usage patterns for the Obsidian CLI: read/create/append notes, search vaults, manage properties, and developer workflows for plugin r

Kickbox Automation (Rube MCP)

Automate Kickbox toolkit operations through Rube MCP (Composio): discover tools, manage connections, and execute schema-compliant Kickbox workflows safely.

TaskEither Quick Reference (fp-ts)

Concise cheat-sheet for fp-ts TaskEither: patterns for typed async error handling, composing Promises, and recoverable pipelines.

Memory Forensics

Guidance and practical commands for acquiring, analyzing, and extracting artifacts from volatile memory dumps for incident response and malware analysis.

Makepad Basics

Provides starter patterns, examples, and guidance for building Rust Makepad apps, including live_design/app_main patterns and common platform setup.

Reverse Engineer

Guides and checklists for binary reverse-engineering workflows (IDA, Ghidra, radare2, angr) including static/dynamic analysis phases and best practices.

Makepad Basics

Guides and examples for starting Makepad apps with makepad-widgets: project setup, live_design! DSL, app_main!, and basic event/widget patterns.

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

API Security Testing

What it does

When to use it

What's included

Compatible agents