Is it suitable for legacy API modernization?

Absolutely. It can audit legacy codebases to identify security gaps and suggest modernization paths to align with current security standards.

Can it help with OAuth2 or JWT implementation?

Yes, it provides specific best practices and implementation patterns for setting up robust identity management and token validation systems.

Does this skill perform active penetration testing?

While it does not replace an external penetration test, it analyzes code structure and logic to identify potential vulnerabilities and provides immediate remediation steps.

How does this skill improve API security?

It applies industry-standard practices like OWASP Top 10 checks, secure authentication patterns, and rigorous input validation to your code during the development process.

Can it scan for vulnerable dependencies?

Yes, it can utilize built-in tools to inspect project manifests and dependencies for known security risks and suggest safer alternatives.

API Security & Compliance

Name: API Security & Compliance
Author: mrlm-xyz

bymrlm-xyz

•

セキュリティとテスト

Hardens API implementations by identifying vulnerabilities, enforcing authentication patterns, and ensuring OWASP compliance.

The API Security & Compliance skill empowers Claude to act as a security engineer, focusing on the identification and remediation of critical vulnerabilities within your codebase. By applying principles like least privilege, defense in depth, and OWASP Top 10 standards, it helps developers implement robust authentication (OAuth2, JWT), strict authorization, and rigorous input validation. Whether you are refactoring legacy endpoints or building new services, this skill ensures your API architecture is resilient against injection attacks, data leaks, and unauthorized access.

主な機能

01Automated schema validation and output sanitization strategies

02Security-focused code auditing and dependency risk analysis

03Comprehensive OWASP Top 10 vulnerability detection and remediation

0421 GitHub stars

05Configuration of rate limiting and security headers to prevent abuse

06Implementation of secure OAuth2 and JWT authentication patterns

ユースケース

01Hardening REST or GraphQL APIs against common injection and cross-site scripting attacks

02Refactoring authentication logic to align with modern industry security standards

03Conducting automated security reviews of existing codebases to ensure least privilege

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mrlm-xyz/demo-claude-marketplace security

For use in Claude.ai and ChatGPT

Download Skill