api-security
API Security Testing
This skill enables comprehensive security testing of APIs including REST, GraphQL, gRPC, and WebSocket protocols. It covers the OWASP API Security Top 10 and provides practical testing methodologies for common API vulnerabilities.
When to Use This Skill
This skill should be invoked when:
- Performing API penetration testing
- Testing for OWASP API Security Top 10 vulnerabilities
- Fuzzing REST/GraphQL/gRPC endpoints
- Testing API authentication and authorization (BOLA/BFLA)
- Analyzing OpenAPI/Swagger specifications
- Testing JWT/OAuth implementations
- Rate limiting and resource exhaustion testing
Trigger Phrases
- "test this API for security issues"
- "pentest the REST API"
- "test GraphQL security"
More from hardw00t/ai-security-arsenal
android-pentest
Comprehensive Android mobile application penetration testing with rooted-device ADB and Frida-based MCP tooling. Covers OWASP MASTG full methodology: recon, static + dynamic analysis, SSL/root bypass, IPC fuzzing, data exfiltration, crypto audit, and reporting. Triggers on requests to pentest Android apps, analyze APKs, bypass mobile security controls, or run MASVS/MASTG assessments.
36ios-pentest
Comprehensive iOS mobile application penetration testing skill with Frida/Objection integration for jailbroken and non-jailbroken devices. This skill should be used when performing security assessments on iOS applications including static analysis, dynamic analysis, runtime manipulation, traffic interception, keychain analysis, and vulnerability identification. Triggers on requests to pentest iOS apps, test iPhone/iPad security, analyze IPAs, bypass security controls, or perform OWASP MASTG iOS assessments.
10container-security
Container and Kubernetes security assessment skill for Docker, Kubernetes, and container orchestration platforms. This skill should be used when scanning container images for vulnerabilities, auditing Kubernetes cluster security, testing container escape scenarios, reviewing Docker configurations, or performing container runtime security analysis. Triggers on requests to scan Docker images, audit Kubernetes security, test container configurations, or assess container orchestration security.
9iac-security
Infrastructure as Code security scanning skill for Terraform, CloudFormation, Kubernetes manifests, Helm charts, and ARM templates. This skill should be used when auditing IaC configurations for misconfigurations, scanning Terraform plans, validating Kubernetes security policies, checking cloud infrastructure compliance, or integrating security into CI/CD pipelines. Triggers on requests to scan Terraform, audit CloudFormation, check Kubernetes manifests, validate Helm charts, or find IaC security issues.
6sca-security
Software Composition Analysis: find vulnerable dependencies, correlate CVE/GHSA/OSV across ecosystems, generate CycloneDX/SPDX SBOMs, assess license compliance, and run reachability-aware triage to suppress unexploitable findings. Use when scanning package dependencies (npm, PyPI, Maven, Cargo, Go, RubyGems, Composer), reviewing PR lockfile diffs, generating SBOMs, auditing licenses, hunting malicious packages, or auditing the software supply chain. Triggers on requests to scan dependencies, check vulnerable packages, generate SBOM, license compliance, typosquat/dependency-confusion review, or reachability-based vuln triage.
6cloud-security
Multi-cloud security assessment skill for AWS, Azure, and GCP. This skill should be used when performing cloud security audits, scanning for misconfigurations, testing IAM policies, auditing storage permissions, and identifying privilege escalation paths. Triggers on requests to audit cloud security, scan AWS/Azure/GCP, check cloud misconfigurations, or perform cloud penetration testing.
6