skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
yaklang/hack-skills2.1k installs

api-sec

Entry P1 category router for API security. Use when choosing between API recon, authorization, token abuse, and hidden-parameter workflows before any deeper API topic skill.

How do I install this agent skill?

npx skills add https://github.com/yaklang/hack-skills --skill api-sec
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill is a purely informational router for API security workflows. It contains no executable code or external dependencies and serves to guide the agent to other specialized skills.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • ZeroLeakspass

    Score: 93/100 · 2 sections analyzed

What does this agent skill do?

API Security Router

This is the routing entry point for API security testing.

Use this skill first to decide whether the API issue is mostly recon/docs, object authorization, token trust, or GraphQL/hidden parameters, then route to a deeper topic skill.

When to Use

  • The target exposes REST APIs, mobile backends, or GraphQL endpoints
  • You need to define API testing order before going into specific topics
  • You want to handle object authorization, JWT, GraphQL, and hidden fields as separate tracks

Skill Map

Quick Triage

ObservationRoute
Swagger or OpenAPI is presentapi-recon-and-docs
IDs appear in URL, JSON, headers, or GraphQL argsapi-authorization-and-bola
JWT token visible in trafficapi-auth-and-jwt-abuse
/graphql or batched JSON arrays are presentgraphql-and-hidden-parameters
Registration, login, or profile updates accept extra fieldsapi-authorization-and-bola then api-auth-and-jwt-abuse

Recommended Flow

  1. Start with exposed endpoints and documentation assets
  2. Then evaluate object-level and function-level authorization
  3. Then evaluate token, header, signature, and rate-limit boundaries
  4. If GraphQL or complex JSON is present, continue with hidden fields and schema abuse

Related Categories

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/yaklang/hack-skills/api-sec">View api-sec on skillZs</a>