DiscordSign up
SKILLS.SH

api-sec

>-

INSTALLATION
npx skills add https://github.com/yaklang/hack-skills --skill api-sec
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$27

Quick Triage

Observation

Route

Swagger or OpenAPI is present

api-recon-and-docs

IDs appear in URL, JSON, headers, or GraphQL args

api-authorization-and-bola

JWT token visible in traffic

api-auth-and-jwt-abuse

/graphql or batched JSON arrays are present

graphql-and-hidden-parameters

Registration, login, or profile updates accept extra fields

api-authorization-and-bola then api-auth-and-jwt-abuse

Recommended Flow

  • Start with exposed endpoints and documentation assets
  • Then evaluate object-level and function-level authorization
  • Then evaluate token, header, signature, and rate-limit boundaries
  • If GraphQL or complex JSON is present, continue with hidden fields and schema abuse

Related Categories

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

azure-compliance
3/3

Azure compliance scanning, Key Vault expiration auditing, and resource configuration validation. Runs azqr (Azure Quick Review) for comprehensive compliance assessment against best practices across subscriptions and resource groups Monitors Key Vault keys, secrets, and certificates for expiration dates and identifies items without expiration policies Detects orphaned, misconfigured, and non-compliant resources using Resource Graph queries Classifies findings by priority (Critical, High, Medium, Low) with remediation guidance for each issue

Verified authormicrosoft
SKILLS.SH
293K1.1K
2026-05-22
openclaw-secure-linux-cloud
1/3

Use when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or…

xixu-me
SKILLS.SH
150K53
2026-05-22
entra-agent-id
3/3

Provision Microsoft Entra Agent Identity Blueprints, BlueprintPrincipals, and per-instance Agent Identities via Microsoft Graph, and configure OAuth 2.0 token…

Verified authormicrosoft
SKILLS.SH
59.1K1.1K
2026-05-21
firebase-security-rules-auditor
3/3

A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…

firebase
SKILLS.SH
23.5K292
2026-05-21

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card