Is rate limiting handled at the GraphQL layer?

The skill covers both Express-level middleware for global protection and granular directive-based rate limiting for specific high-cost operations like login or email mutations.

How does this skill prevent nested query attacks?

It implements query depth and complexity limits using tools like graphql-depth-limit and validation rules to reject overly nested or expensive requests before they reach your resolvers.

Can I implement role-based access control (RBAC)?

Yes, it provides patterns for using graphql-shield to enforce permissions at the field, query, and mutation levels based on user roles and ownership.

Does it support production-ready authentication?

Yes, it includes detailed implementation guides for JWT authentication, refresh tokens, and secure context setup to verify users on every request.

GraphQL Security Specialist

Name: GraphQL Security Specialist
Author: pluginagentmarketplace

bypluginagentmarketplace

•

セキュリティとテスト

Secures GraphQL APIs through robust authentication, granular authorization, and advanced protection against malicious queries.

概要

This skill equips Claude with specialized knowledge for hardening GraphQL servers against common vulnerabilities and resource exhaustion attacks. It provides implementation patterns for industry-standard security measures, including JWT authentication with refresh tokens, field-level authorization using graphql-shield, and defensive constraints like query depth and complexity limiting. By integrating these patterns, developers can protect sensitive data with role-based access control, prevent Denial of Service (DoS) attacks, and ensure production-grade security for their GraphQL endpoints.

主な機能

1 GitHub stars
Granular field-level authorization via graphql-shield middleware
Query depth and complexity limits to prevent resource exhaustion
Strict input validation and XSS sanitization for mutations
Multi-layer rate limiting at both the application and schema level
JWT Authentication with refresh token rotation strategies

ユースケース

Preventing malicious nested query attacks in public-facing APIs
Hardening Apollo Server instances for production environments
Implementing Role-Based Access Control (RBAC) for sensitive user data

概要

主な機能

1 GitHub stars
Granular field-level authorization via graphql-shield middleware
Query depth and complexity limits to prevent resource exhaustion
Strict input validation and XSS sanitization for mutations
Multi-layer rate limiting at both the application and schema level
JWT Authentication with refresh token rotation strategies

ユースケース

Preventing malicious nested query attacks in public-facing APIs
Hardening Apollo Server instances for production environments
Implementing Role-Based Access Control (RBAC) for sensitive user data