Loading...
Loading...
Found 286 Skills
Use when consuming external APIs, integrating third-party services, generating type-safe API clients, implementing authentication flows, or working with OpenAPI/Swagger, GraphQL, or REST specs. TypeScript-primary with language-agnostic patterns.
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.
Shopify platform development. Stack: Shopify CLI, GraphQL/REST APIs, Polaris UI, Liquid templating. Capabilities: app development (OAuth), checkout UI extensions, admin UI extensions, POS extensions, theme development, webhooks, billing API, product/order/customer management. Actions: build, extend, customize, integrate Shopify apps/themes. Keywords: Shopify, Shopify CLI, GraphQL Admin API, REST API, Polaris, Liquid, checkout extension, admin extension, POS extension, theme, webhook, billing API, OAuth, app bridge, metafields, product, order, customer, storefront, hydrogen, oxygen. Use when: building Shopify apps, customizing checkout, creating admin interfaces, developing themes, integrating payments, managing store data via APIs, extending Shopify functionality.
Execute raw GraphQL queries and mutations against the Linear API. Use for advanced operations not covered by other commands.
Guide for working with Shopify Metafields. Covers definitions, storing custom data, accessing via Liquid, and GraphQL mutations.
REST and GraphQL API architect for designing robust, scalable APIs. Use when designing new APIs or improving existing ones.
Query Codex Supergraph GraphQL data (prices, tokens, pairs, events, holders, and live subscriptions). Use when users ask for Codex on-chain analytics or need runnable GraphQL calls to https://graph.codex.io/graphql with an API key.
Launch RFC/debate discussions on GitHub: define topic, classify type, compose structured RFC/poll, review, publish via GraphQL
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
Designs REST and GraphQL APIs including endpoints, error handling, versioning, and documentation. Use when creating new APIs, designing endpoints, reviewing API contracts, or when asked about REST, GraphQL, or API patterns.
Apply when deciding, designing, or implementing data fetching with FastStore GraphQL files in src/graphql/ or src/fragments/, or configuring faststore.config. Covers API extensions, GraphQL fragments, server-side and client-side data fetching, and custom resolver patterns. Use for integrating custom data sources or extending the FastStore GraphQL schema.