How does it handle authentication guidance?

The skill covers a wide range of methods including API Keys, OAuth 2.0 tokens, JWT, mTLS, and custom HMAC request signing for tamper-proof communication.

Does this skill provide code for specific frameworks?

Yes, it includes detailed implementation patterns for ASP.NET Core and Redis, though the core security principles and logic are applicable across all modern backend frameworks.

Does it support distributed rate limiting?

Yes, it provides logic and Lua scripts for implementing distributed rate limiting using Redis, specifically focusing on the Token Bucket strategy.

Can it help with OWASP compliance?

It provides direct mitigation strategies for the OWASP API Security Top 10 (2023), helping you address the most critical vulnerabilities like BOLA, SSRF, and Broken Authentication.

API Security Expert

Name: API Security Expert
Author: melodic-software

bymelodic-software

•

Desarrollo de API

Secures web APIs through robust authentication, rate limiting, and protection against the OWASP API Top 10 vulnerabilities.

The API Security skill equips Claude with comprehensive knowledge and implementation patterns to harden web services against modern threats. It provides specific guidance on implementing secure authentication methods like OAuth 2.0 and HMAC signing, configuring distributed rate limiting using Redis, and establishing strict input validation and CORS policies. Whether you are designing a new microservice or auditing an existing gateway, this skill helps ensure your API layer is resilient against common attacks such as Broken Object Level Authorization (BOLA), SSRF, and resource exhaustion.

Características Principales

0112 GitHub stars

02Input validation and schema protection to prevent mass assignment

03OWASP API Security Top 10 (2023) mitigation strategies

04Security header configuration and CORS policy management

05Distributed rate limiting patterns using Token Bucket and Redis

06Secure authentication implementation including API Keys, JWT, and HMAC

Casos de Uso

01Configuring production-grade rate limiting to prevent DoS attacks

02Preventing Broken Object Level Authorization (BOLA/IDOR) in API controllers

03Implementing timing-safe API key validation and HMAC request signing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins api-security

For use in Claude.ai and ChatGPT

Download Skill