Loading...
Loading...
Found 93 Skills
Full API lifecycle management through Postman. Sync OpenAPI specs to collections, generate typed client code, run API tests, create mock servers, publish documentation, audit security against OWASP Top 10, and discover APIs across workspaces. Requires the Postman MCP Server. Use this skill when the user mentions Postman, API collections, syncing specs, generating SDKs, running API tests, creating mocks, API documentation, or API security audits. Triggers on tasks involving API development workflows, collection management, or any Postman-related operations.
Go API development guidelines using the standard library (1.22+) with best practices for RESTful API design, error handling, and security
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses, HTTP methods, API versions, and encoding schemes to circumvent request throttling controls. The tester identifies rate limit headers, determines enforcement mechanisms, and attempts bypasses including X-Forwarded-For spoofing, parameter pollution, case variation, and endpoint path manipulation. Maps to OWASP API4:2023 Unrestricted Resource Consumption. Activates for requests involving rate limit bypass, API throttling evasion, brute force protection testing, or API abuse prevention assessment.
API authorization and BOLA testing playbook. Use when APIs expose object identifiers, nested resources, hidden writable fields, or weak function-level authorization.
Guides the agent through implementing authentication and authorization in FastAPI applications. Triggered when users ask to "add authentication", "implement login", "add JWT tokens", "create OAuth2 flow", "hash passwords", "protect endpoints", "add role-based access", "implement RBAC", "add API key auth", "secure the API", or mention authentication, authorization, JWT, OAuth2, password hashing, bcrypt, access tokens, refresh tokens, security dependencies, or API security.
API testing and contract validation across REST (OpenAPI 3.1), GraphQL (SDL), and gRPC (proto). Use when you need schema linting/validation, breaking-change detection (openapi diff, GraphQL schema diff, buf breaking), consumer/provider contract tests (Pact or schema-driven), negative/security testing, and CI quality gates.
Security standards for authentication, input validation, and OWASP compliance
Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.
Manages AI gateway for routing, securing, and monitoring AI service requests in ML operations.