Agent skill

api-security

API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.

View SKILL.md on GitHub Repository

Stars 129

Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/transilienceai/communitytools/tree/main/projects/pentest/.claude/skills/api-security

SKILL.md

API Security

Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.

Techniques

Type	Key Vectors
GraphQL	Introspection, batching attacks, nested query DoS, field suggestion
REST API	BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning
WebSocket	Cross-site hijacking, message manipulation, auth flaws
Web-LLM	Prompt injection via API, excessive agency, data exfiltration

Workflow

Discover API endpoints and documentation (Swagger, GraphQL schema)
Map authentication and authorization mechanisms
Test per API type using appropriate techniques
Validate data exposure and access control flaws
Capture evidence with HTTP request/response logs

Reference

reference/graphql*.md - GraphQL attack techniques and labs
reference/api-testing*.md - REST API security testing guide
reference/websockets*.md - WebSocket vulnerability testing
reference/web-llm*.md - Web-LLM attack techniques and labs

Maintainer

transilienceai Core maintainer

Source details

Full Name: transilienceai/communitytools
Branch: main
Path in repo: projects/pentest/.claude/skills/api-security
License: MIT License
Topics: security security-tools bounty-hunters hackerone pentest pentest-tool security-research

Featured Tools

Join Our Newsletter

Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

transilienceai/communitytools

techstack-identification

OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.

129 20

Explore

transilienceai/communitytools

conflict_resolver

129 20

Explore

transilienceai/communitytools

web-archive-analysis

Uses Wayback Machine to detect technology migrations over time

129 20

Explore

transilienceai/communitytools

evidence_formatter

129 20

Explore

transilienceai/communitytools

signal_correlator

129 20

Explore

transilienceai/communitytools

dns-intelligence

Extracts technology signals from DNS records (MX, TXT, NS, CNAME, SRV)

129 20

Explore

Didn't find tool you were looking for?

Search AI Tools

Install this agent skill to your Project

SKILL.md

API Security

Techniques

Workflow

Reference

Recommended Agent Skills

techstack-identification

conflict_resolver

web-archive-analysis

evidence_formatter

signal_correlator

dns-intelligence