What vulnerabilities does the API Security Checker cover?

It covers the full OWASP Top 10 for APIs, including Broken Object Level Authorization (BOLA), Broken Authentication, Injection, and Security Misconfigurations.

Can this skill help me implement JWT correctly?

Yes, it provides best practices for JWT generation, short-lived access tokens, refresh token mechanisms, and secure verification logic.

Can I use this for rate limiting guidance?

Yes, the skill includes specific configurations for implementation-level rate limiting to prevent brute force attacks and resource exhaustion.

Does it provide code examples for specific frameworks?

The skill includes production-ready code patterns for Node.js and Express, covering middleware like Helmet, CORS, and various validation libraries.

How does it help with authorization issues?

It provides implementation patterns for checking resource ownership and Role-Based Access Control (RBAC) to ensure users can only access data they are authorized to see.

API Security Checker

Name: API Security Checker
Author: armanzeroeight

byarmanzeroeight

•

Security & Testing

Audits backend APIs to identify and remediate OWASP Top 10 vulnerabilities, authentication flaws, and authorization issues.

The API Security Checker is a specialized skill designed to help developers implement industry-standard security measures for their backend services. By focusing on the OWASP Top 10 framework, it identifies critical risks such as Broken Object Level Authorization (BOLA), SQL injection, and excessive data exposure while providing concrete 'Good vs. Bad' code implementation patterns. It is an essential companion for developers performing security audits, refactoring legacy code for better protection, or establishing robust authentication and authorization workflows in new API projects.

Key Features

01OWASP Top 10 vulnerability identification and remediation

02Comprehensive security headers and CORS configuration

03Implementation guides for Role-Based Access Control (RBAC)

04Secure authentication patterns for JWT and password hashing

0519 GitHub stars

06Input validation and sanitization using Joi and express-validator

Use Cases

01Implementing secure authentication and refresh token mechanisms

02Auditing existing REST APIs for common security vulnerabilities

03Securing sensitive data endpoints against unauthorized access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add armanzeroeight/fastagent-plugins api-security-checker

For use in Claude.ai and ChatGPT

Download Skill