Detect API security vulnerabilities including injection, broken auth, and data exposure. Use when scanning APIs for security vulnerabilities. Trigger with phrases like "scan API security", "check for vulnerabilities", or "audit API security".
Rating: 4.0
Installs: 0
Category: Security
The skill has good structural organization with separated reference files, but suffers from a critical mismatch between its stated purpose and actual content. The description claims it 'detects API security vulnerabilities including injection, broken auth, and data exposure' for scanning/auditing APIs, but the instructions describe API development tasks (generating boilerplate, implementing endpoints, configuring databases). The skill appears to be for API development rather than security scanning. The instructions lack specific security scanning methodology, vulnerability detection techniques, or security testing procedures. For actual security scanning, a CLI agent would need concrete steps for analyzing APIs, identifying OWASP API Top 10 issues, running security tests, and reporting findings. The novelty is limited as security scanning tools are common, though automation could add value if properly implemented. The structure scores higher due to clean separation of concerns with reference files.