Which versions of API Platform are supported?

The skill detects your version via composer.json and is optimized for modern API Platform 2.x and 3.x implementations using PHP attributes or configuration files.

What security risks does the audit check for?

It checks for missing security attributes on sensitive operations, exposure of sensitive data in serialization groups, and improper CORS or validation configurations.

Does this skill modify my source code?

No, the audit is strictly read-only. it analyzes your files to generate a report without making any changes to your code.

Does it evaluate database performance?

Yes, it specifically looks for missing Doctrine indexes on filtered columns and checks for eager loading configurations to prevent N+1 query issues.

API Platform Auditor

Name: API Platform Auditor
Author: atournayre

byatournayre

0•

API 开发

Analyzes API Platform projects to deliver comprehensive reports on security, performance, and architecture best practices.

This skill provides an automated, non-invasive auditing workflow for Symfony projects utilizing API Platform. It systematically scans resource configurations, security attributes, serialization groups, and performance settings to identify critical vulnerabilities and architectural flaws. By evaluating your API against industry-standard best practices, it generates a structured report with actionable recommendations and a quality score, helping developers maintain high-quality, secure, and performant REST or GraphQL services without manual oversight.

主要功能

01Automated resource inventory across PHP attributes, YAML, and XML configurations

02Structured audit reports with scoring and prioritized improvement recommendations

030 GitHub stars

04Architectural consistency checks for serialization groups and DTO usage

05Security vulnerability detection including sensitive data exposure and missing guards

06Performance bottleneck identification for N+1 queries and HTTP caching

使用场景

01Ensuring architectural compliance during code reviews and refactoring phases

02Pre-release security and quality checks for new API Platform services

03Identifying technical debt and optimization opportunities in legacy Symfony APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add atournayre/claude-personas audit

For use in Claude.ai and ChatGPT