Is rate limiting handled at the GraphQL layer?

The skill covers both Express-level middleware for global protection and granular directive-based rate limiting for specific high-cost operations like login or email mutations.

How does this skill prevent nested query attacks?

It implements query depth and complexity limits using tools like graphql-depth-limit and validation rules to reject overly nested or expensive requests before they reach your resolvers.

Can I implement role-based access control (RBAC)?

Yes, it provides patterns for using graphql-shield to enforce permissions at the field, query, and mutation levels based on user roles and ownership.

Does it support production-ready authentication?

Yes, it includes detailed implementation guides for JWT authentication, refresh tokens, and secure context setup to verify users on every request.

GraphQL Security Specialist

Name: GraphQL Security Specialist
Author: pluginagentmarketplace

bypluginagentmarketplace

•

セキュリティとテスト

Secures GraphQL APIs through robust authentication, granular authorization, and advanced protection against malicious queries.

This skill equips Claude with specialized knowledge for hardening GraphQL servers against common vulnerabilities and resource exhaustion attacks. It provides implementation patterns for industry-standard security measures, including JWT authentication with refresh tokens, field-level authorization using graphql-shield, and defensive constraints like query depth and complexity limiting. By integrating these patterns, developers can protect sensitive data with role-based access control, prevent Denial of Service (DoS) attacks, and ensure production-grade security for their GraphQL endpoints.

主な機能

011 GitHub stars

02Granular field-level authorization via graphql-shield middleware

03Query depth and complexity limits to prevent resource exhaustion

04Strict input validation and XSS sanitization for mutations

05Multi-layer rate limiting at both the application and schema level

06JWT Authentication with refresh token rotation strategies

ユースケース

01Preventing malicious nested query attacks in public-facing APIs

02Hardening Apollo Server instances for production environments

03Implementing Role-Based Access Control (RBAC) for sensitive user data

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pluginagentmarketplace/custom-plugin-graphql graphql-security

For use in Claude.ai and ChatGPT

Download Skill