api-security-review
API Security Review Skill
Summary
Comprehensive security checklist for API endpoint development. Ensures proper authentication, authorization, input validation, output safety, and security logging are implemented before deployment.
When to Use
- Before merging any PR with API changes
- When creating new API endpoints
- When modifying authentication/authorization logic
- During security audits
- Code review of API routes
Quick Checklist
Pre-Deployment Security Audit
- Authentication: Route requires valid user identity
- Authorization: Ownership/permission checks implemented
- Input Validation: All inputs validated with schema (Zod/Joi/etc.)
- Output Safety: No sensitive data exposed in responses