Can it detect security vulnerabilities?

Yes, it specifically tests for common vulnerabilities including SQL injection, Cross-Site Scripting (XSS), and authentication/authorization bypasses.

What kind of reports does it generate?

It generates structured reports categorizing issues by severity (Critical, Security, Warning) and includes reproducible cURL commands for every finding.

How does this skill discover API endpoints?

The skill discovers endpoints by parsing OpenAPI/Swagger specifications, probing common API paths, and utilizing GraphQL introspection queries.

Does it support GraphQL APIs?

Yes, it includes specialized patterns for GraphQL, including introspection, deep nesting tests (DoS risk), and mutation validation.

API Testing Patterns

Name: API Testing Patterns
Author: tommymorgan

bytommymorgan

•

セキュリティとテスト

Systematizes autonomous API testing through automated endpoint discovery, security validation, and comprehensive schema checks.

API Testing Patterns provides a structured framework for Claude to perform autonomous exploratory testing on REST and GraphQL APIs. It guides AI agents through a rigorous methodology that includes OpenAPI specification parsing, authentication enforcement checks, input validation for security vulnerabilities like SQL injection and XSS, and detailed performance monitoring. This skill is essential for developers and QA engineers who want to ensure their APIs are robust, secure, and compliant with documented schemas while identifying undocumented endpoints and potential bottlenecks.

主な機能

011 GitHub stars

02Automated OpenAPI and GraphQL schema discovery and validation

03Performance monitoring including response time and rate limit tracking

04Security-focused input validation for SQLi and XSS vulnerabilities

05Detailed issue reporting with reproducible cURL examples

06Comprehensive authentication and authorization boundary testing

ユースケース

01Security auditing to detect undocumented endpoints or auth bypasses

02Validating OpenAPI specifications against actual API behavior

03Exploratory testing of newly developed REST or GraphQL endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tommymorgan/claude-plugins api-testing-patterns

For use in Claude.ai and ChatGPT

Download Skill