Summary
This is a triage router that helps you figure out which API security testing path to take before diving deep. It splits API work into four lanes: recon and docs (Swagger, OpenAPI), authorization bugs (BOLA, BFLA), token abuse (JWT manipulation, header trust), and GraphQL plus hidden parameters. The quick triage table is genuinely useful if you're staring at API traffic and need to decide where to start. It won't do the testing for you, but it keeps you from wandering into JWT attacks when the real issue is a missing object-level check. Think of it as a decision tree that saves you from testing everything at once.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill api-sec --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
