
api-fuzzing-bug-bounty

Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Critical

Do not install without reviewing


Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable API-fuzzing reference rich in concrete payloads and commands, organized into a sequenced workflow and tables. Its weaknesses are a monolithic, slightly redundant structure with no external references and no validation checkpoints in the workflow.

Suggestions

Add validation/feedback checkpoints to the Core Workflow (e.g. 'Confirm endpoint exists before IDOR testing; re-run with a low-priv token to verify cross-user access'), which would lift workflow clarity.

Split the large reference material (GraphQL-Specific Testing, Tools Reference, Common Vulnerabilities Checklist) into bundled reference files and link to them from SKILL.md to improve progressive disclosure and reduce redundancy.

Consolidate the overlapping Common API Vulnerabilities, Quick Reference, and Tools Reference tables into a single cross-referenced table to tighten conciseness.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is mostly efficient — commands, payloads, and tables with no concept explanations — but at ~430 lines it repeats overlapping material across the Common API Vulnerabilities, Quick Reference, and Tools Reference tables, so it is tighter than verbose but could still be consolidated; not the lean level-3 anchor. | 2 / 3 |
| Actionability | Provides fully executable, copy-paste-ready payloads, curl commands, GraphQL queries, and bash snippets (e.g. the boolean SQLi JSON ladder, IDOR bypass payloads, introspection query), matching the concrete copy-paste-ready anchor. | 3 / 3 |
| Workflow Clarity | The Core Workflow sequences Steps 1–5 (Recon → Auth → IDOR → Injection → Method), but there are no validation checkpoints or fix→retry feedback loops, so it sits at 'sequence present but checkpoints missing' rather than the level-3 anchor with explicit validation. | 2 / 3 |
| Progressive Disclosure | Sections are well organized with tables, but the ~430-line body is monolithic with no external reference files and inline content (GraphQL testing, tools reference, checklists) that could be split; it exceeds the <50-line simple-skill exception, so it does not reach level 3. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, distinctive description in third-person voice that names concrete actions and natural trigger terms. Its main weakness is the absence of an explicit 'Use when...' clause, which caps completeness at 2.

Suggestions

Add an explicit 'Use when...' clause, e.g. 'Use when testing APIs during bug bounty hunts or pentest engagements, or when the user mentions REST/SOAP/GraphQL endpoints, IDOR, or API authentication bypass.'

Add common phrasing variations a user might say ('API testing', 'API security', 'endpoint fuzzing') to broaden trigger coverage.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names multiple concrete actions and targets: 'testing REST, SOAP, and GraphQL APIs' plus 'vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors', matching the multi-action anchor rather than the partial anchor at level 2. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' but lacks an explicit 'Use when...' trigger clause for when Claude should invoke it, so per the guideline completeness is capped at 2 rather than reaching 3. | 2 / 3 |
| Trigger Term Quality | Includes natural terms a user would actually say — 'bug bounty hunting', 'penetration testing', 'REST, SOAP, and GraphQL APIs', 'IDOR' — giving good coverage rather than the thin keyword set at level 2. | 3 / 3 |
| Distinctiveness Conflict Risk | The bug-bounty/pentest API-fuzzing niche is distinctive with specific triggers unlikely to collide with other skills, matching the clear-niche anchor. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 15 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 15 / 16 |

Passed

Repository: boisenoise/skills-collections
Reviewed
