API Security Router

This is the routing entry point for API security testing. Use this skill first to decide whether the API issue is mostly recon/docs, object authorization, token trust, or GraphQL/hidden parameters, then route to a deeper topic skill.

When to Use

- The target exposes REST APIs, mobile backends, or GraphQL endpoints
- You need to define API testing order before going into specific topics
- You want to handle object authorization, JWT, GraphQL, and hidden fields as separate tracks

Skill Map

- API Recon and Docs: OpenAPI, Swagger, version drift, hidden documentation
- API Authorization and BOLA: BOLA, BFLA, method abuse, hidden writable fields
- API Auth and JWT Abuse: bearer token, header trust, claim abuse, rate-limit bypass
- GraphQL and Hidden Parameters: introspection, batching, undocumented fields, hidden parameters