API Security Review Skill
Skill (Active)
API security checklist for reviewing endpoints before deployment. Use when creating or modifying API routes to ensure proper authentication, authorization, and input validation.
To ensure API endpoints adhere to security best practices by providing a comprehensive checklist and concrete implementation examples for developers.
Features
- API security checklist for pre-deployment review
- Code examples for authentication and authorization
- Guidance on input validation and output safety
- Best practices for security logging and error handling
- Framework-specific implementations (Next.js, Express, FastAPI, Django)
Use Cases
- Before merging API changes in a PR
- When creating new API endpoints
- During security audits of API routes
- To ensure secure data handling and access control
Non-Goals
- Implementing the security controls directly
- Replacing dedicated security auditing tools
- Providing platform-specific deployment guidance
Practices
- API Security
- Secure Coding
- Input Validation
- Authorization
- Authentication
Trust
- Issues (info, attention): There were 4 issues opened and 0 closed in the last 90 days, indicating a low level of recent issue engagement.
Versioning
- Release Management (warning): There is no clear versioning signal (e.g., SKILL.md frontmatter version, GitHub release tags, or CHANGELOG.md), and installation instructions point to 'main'.
Installation
npx skills add bobmatnyc/claude-mpm-skills
Runs the Vercel skills CLI (skills.sh) via npx; needs Node.js locally and at least one installed skills-compatible agent (Claude Code, Cursor, Codex, ...). Assumes the repo follows the agentskills.io format.
Similar Extensions
- Netlify Identity (100): Use when the task involves authentication, user signups, logins, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js`; they are deprecated.
- Auth0 Express OAuth2 JWT Bearer (100): Use when adding Auth0 token validation to Express or Node.js APIs. Integrates the express-oauth2-jwt-bearer SDK to protect Node.js API endpoints with JWT Bearer authentication, scope-based RBAC, claim validation, and optional DPoP support.
- Senior Backend Engineer (100): Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
- AWS CDK Development (100): AWS Cloud Development Kit (CDK) expert for building cloud infrastructure with TypeScript/Python. Use when creating CDK stacks, defining CDK constructs, implementing infrastructure as code, or when the user mentions CDK, CloudFormation, IaC, cdk synth, cdk deploy, or wants to define AWS infrastructure programmatically. Covers CDK app structure, construct patterns, stack composition, and deployment workflows.
- Cleanup Cycles (100): Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle the module graph. Example queries: "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
- Better Auth Integrations (99): Better Auth framework integrations for TypeScript. Use when wiring route handlers in Next.js, SvelteKit, Remix, Express, Hono, or other web frameworks.