API Security Review Skill
Skill Active
API security checklist for reviewing endpoints before deployment. Use when creating or modifying API routes to ensure proper authentication, authorization, and input validation.
Its purpose is to help API endpoints adhere to security best practices by providing a comprehensive checklist and concrete implementation examples for developers.
Features
- API security checklist for pre-deployment review
- Code examples for authentication and authorization
- Guidance on input validation and output safety
- Best practices for security logging and error handling
- Framework-specific implementations (Next.js, Express, FastAPI, Django)
Use cases
- Before merging API changes in a PR
- When creating new API endpoints
- During security audits of API routes
- To ensure secure data handling and access control
Non-goals
- Implementing the security controls directly
- Replacing dedicated security auditing tools
- Providing platform-specific deployment guidance
Practices
- API Security
- Secure Coding
- Input Validation
- Authorization
- Authentication
Trust
- info: Issues Attention. There were 4 issues opened and 0 closed in the last 90 days, indicating a low level of recent issue engagement.
Versioning
- warning: Release Management. There is no clear versioning signal (e.g., SKILL.md frontmatter version, GitHub release tags, or CHANGELOG.md), and installation instructions point to 'main'.
Installation
npx skills add bobmatnyc/claude-mpm-skills
Runs the Vercel skills CLI (skills.sh) via npx; requires Node.js locally and at least one installed skills-compatible agent (Claude Code, Cursor, Codex, …). Assumes that the repo follows the agentskills.io format.
Similar extensions
Netlify Identity
100: Use this when the task involves authentication, user sign-ups, logins, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js`; these are deprecated.
Auth0 Express OAuth2 JWT Bearer
100: Use when adding Auth0 token validation to Express or Node.js APIs. Integrates the express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support.
Senior Backend Engineer
100: Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Aws Cdk Development
100: AWS Cloud Development Kit (CDK) expert for building cloud infrastructure with TypeScript/Python. Use this when creating CDK stacks, defining CDK constructs, implementing Infrastructure as Code, or when the user mentions CDK, CloudFormation, IaC, cdk synth, cdk deploy, or wants to define AWS infrastructure programmatically. Covers CDK app structure, construct patterns, stack composition, and deployment workflows.
Cleanup Cycles
100: Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle module graph. Example queries: "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
Better Auth Integrations
99: Better Auth framework integrations for TypeScript. Use when wiring route handlers in Next.js, SvelteKit, Remix, Express, Hono, or other web frameworks.