Can this skill be used for compliance auditing?

Yes, it is specifically mapped to frameworks like NIST CSF 2.0 (PR.PS-01, ID.RA-01) and provides automated scoring to help satisfy audit requirements.

Does it support sensitive data detection?

Yes, it includes pattern matching for sensitive data types like SSNs, credit card numbers, and PII to help prioritize risk based on data exposure.

API Security Posture Management (API-SPM) is a security practice focused on the continuous discovery, inventory, and risk assessment of an organization's entire API attack surface.

What security controls are evaluated?

It checks for authentication mechanisms, TLS/HTTPS enforcement, rate limiting, CORS policy configuration, and the presence of essential security headers.

How does this skill help with shadow APIs?

The skill analyzes traffic patterns and gateway logs to identify endpoints that are actively serving traffic but are missing from official documentation or OpenAPI specifications.

API Security Posture Management (API-SPM)

Name: API Security Posture Management (API-SPM)
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Implements continuous API discovery, classification, and risk scoring to maintain a secure and compliant API attack surface.

This skill empowers developers and security engineers to automate the management of their API security posture by continuously scanning for undocumented endpoints, evaluating security controls, and assessing risk levels. It identifies shadow APIs, validates authentication and encryption standards, and maps findings to industry frameworks like NIST CSF 2.0 and MITRE ATT&CK. By aggregating data from gateways and traffic logs, it provides a unified view of risk, enabling teams to remediate vulnerabilities before they are exploited and ensure consistent policy enforcement across the entire API lifecycle.

主要功能

01Automated classification of endpoints and ownership mapping

02Generation of posture reports aligned with NIST CSF and MITRE frameworks

03Dynamic risk scoring based on control gaps and data sensitivity

044,121 GitHub stars

05Automated discovery of shadow, internal, and partner APIs

06Continuous monitoring for configuration drift and policy violations

使用场景

01Automating compliance reporting for security audits and risk assessments

02Enforcing consistent security headers and authentication across microservices

03Identifying undocumented 'Shadow APIs' across legacy infrastructure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-api-security-posture-management

For use in Claude.ai and ChatGPT

主要功能

01Automated classification of endpoints and ownership mapping

02Generation of posture reports aligned with NIST CSF and MITRE frameworks

03Dynamic risk scoring based on control gaps and data sensitivity

044,121 GitHub stars

05Automated discovery of shadow, internal, and partner APIs

06Continuous monitoring for configuration drift and policy violations

使用场景

01Automating compliance reporting for security audits and risk assessments

02Enforcing consistent security headers and authentication across microservices

03Identifying undocumented 'Shadow APIs' across legacy infrastructure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-api-security-posture-management

For use in Claude.ai and ChatGPT