api-security-best-practices

This skill provides a collection of security patterns and code examples for building secure REST, GraphQL, and WebSocket APIs. It covers authentication, authorization, input validation, rate limiting, and data protection strategies.

7.8K
Installs
8
Use cases
5/10
Quality

Is api-security-best-practices safe to install?

Safe to install

Safe to install: our audit of api-security-best-practices's source files found 0 shell commands, 0 external URLs, no file writes (none risk). Every command and URL listed appears verbatim in the skill's source. The skill provides documentation and code snippets for educational purposes. It does not execute code or perform network requests.

How we audit skills: our security review methodology.

Who is this skill for?

Developers and security engineers designing, auditing, or securing API endpoints.

What can you do with it?

  • Designing new API endpoints
  • Securing existing APIs
  • Implementing authentication and authorization
  • Protecting against API attacks like injection and DDoS
  • Conducting API security reviews
  • Preparing for security audits
  • Implementing rate limiting and throttling
  • Handling sensitive data in APIs

How good is this skill?

Quality score: 5/10. The skill provides clear, well-structured code examples and actionable security checklists. It covers essential topics like OWASP API Top 10 vulnerabilities.

What does the skill file contain?

SKILL.md
# API Security Best Practices

## Overview

Guide developers in building secure APIs by implementing authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities. This skill covers security patterns for REST, GraphQL, and WebSocket APIs.

## When to Use This Skill

- Use when designing new API endpoints
- Use when securing existing APIs
- Use when implementing authentication and authorization
- Use when protecting against API attacks (injection, DDoS, etc.)
- Use when conducting API security reviews
- Use when preparing for security audits
- Use...

Frequently asked questions

Does this skill automatically secure my API?

No. The skill provides patterns and code examples that developers must implement manually within their own codebase.

Which authentication methods does this skill cover?

The skill covers JWT, OAuth 2.0, and API keys.

Does the skill provide tools for input validation?

Yes. It demonstrates the use of Zod for schema validation and DOMPurify for sanitizing HTML content to prevent XSS.

Data sourced from sickn33/antigravity-awesome-skills on GitHub. Install counts from skills.sh. The summary and security audit are derived from the skill's source files: every command and URL listed appears verbatim in the source.

Related skills

lark-shared

344.2K

AI agents assisting users with lark-cli configuration, authentication, and resource management

The lark-shared skill provides instructions and protocols for managing lark-cli authentication, identity switching between user and bot, and handling permissions or high-risk operations.

highlark-cliauthenticationlarksuite

openclaw-secure-linux-cloud

270.1K

Users deploying OpenClaw on remote Linux cloud servers or VMs who require secure, hardened configurations

This skill provides a secure deployment and hardening framework for self-hosting OpenClaw on Linux cloud servers. It prioritizes private control planes, loopback binding, and SSH tunneling over public exposure.

lowsecuritylinuxxixu-me

find-skills

225.2K

Users and AI agents seeking to discover, evaluate, and install third-party agent skills from public registries

The find-skills skill searches multiple agent skill registries (skills.sh, clawhub.ai, and GitHub) in parallel to help users discover, vet, and install relevant agent capabilities. It provides a comparative report based on native popularity metrics, performs a heuristic security scan on top candidates, and flags skills already present on the user's system.

highsearchdiscoveryagentspace-so

supabase

153.8K

Developers building applications with Supabase who require assistance with database schema design, security policy implementation, CLI operations, and integration troubleshooting

The Supabase skill provides guidance for developing with the Supabase platform, including database management, authentication, RLS policies, CLI usage, and MCP server integration. It emphasizes verifying implementation against current documentation, following security checklists, and using specific CLI commands for schema migrations.

highsupabasepostgresqlsupabase