tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill fuzzing-apis

This skill enables Claude to perform automated fuzz testing on APIs to discover vulnerabilities, crashes, and unexpected behavior. It leverages malformed inputs, boundary values, and random payloads to generate comprehensive fuzz test suites. Use this skill when you need to identify potential SQL injection, XSS, command injection vulnerabilities, input validation failures, and edge cases in APIs. Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis of an API. The skill is invoked using the `/fuzz-api` command.
Validation
88%

| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| Total | 14 / 16 Passed | |
Implementation
20%

This skill content reads like a marketing description rather than actionable technical guidance. It explains what fuzz testing is and describes conceptually what the skill does, but provides no actual payloads, code examples, API interaction patterns, or concrete implementation details that Claude could execute. The content assumes Claude needs to be told what fuzz testing is rather than how to perform it effectively.
Suggestions
- Replace abstract descriptions with concrete, executable code showing actual fuzz payloads and API interaction patterns (e.g., Python requests with specific SQL injection strings)
- Add specific payload examples for each vulnerability type (SQL injection strings, XSS vectors, command injection patterns) that can be directly used
- Include validation steps for analyzing responses - specific status codes, error patterns, or response characteristics that indicate vulnerabilities
- Remove the 'How It Works' and 'When to Use' sections entirely - Claude knows what fuzz testing is; focus on the specific implementation details
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what fuzz testing is, how it works conceptually). The 'How It Works' section describes obvious steps rather than providing actionable guidance. Much of the content is padding that doesn't add value. | 1 / 3 |
| Actionability | No executable code, commands, or concrete implementation details. The examples describe what the skill 'will do' abstractly rather than showing actual payloads, API calls, or code. There's nothing copy-paste ready or technically specific. | 1 / 3 |
| Workflow Clarity | Steps are listed in the examples but lack validation checkpoints, error handling, or feedback loops. For security testing involving potentially destructive operations, there's no guidance on safe testing practices, rate limiting, or verifying results before proceeding. | 2 / 3 |
| Progressive Disclosure | Content is reasonably organized with clear sections, but everything is inline in one file. For a security testing skill, detailed payload lists, response analysis patterns, and integration examples could be split into separate reference files. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
100%

This is a strong skill description that excels across all dimensions. It provides specific concrete actions, includes natural trigger terms users would actually say, explicitly addresses both what the skill does and when to use it, and carves out a distinct niche in API security fuzz testing. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'automated fuzz testing', 'discover vulnerabilities, crashes, and unexpected behavior', 'leverages malformed inputs, boundary values, and random payloads', 'generate comprehensive fuzz test suites', and specific vulnerability types (SQL injection, XSS, command injection). | 3 / 3 |
| Completeness | Clearly answers both what ('perform automated fuzz testing on APIs to discover vulnerabilities...') and when ('Use this skill when you need to identify potential SQL injection...', 'Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis'). | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'fuzz testing', 'vulnerability scanning', 'security analysis', 'API', 'SQL injection', 'XSS', 'command injection', plus the explicit command '/fuzz-api'. Good coverage of security testing terminology. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on API fuzz testing and security vulnerability discovery. The explicit '/fuzz-api' command and specific vulnerability types (SQL injection, XSS, command injection) make it highly distinguishable from general testing or security skills. | 3 / 3 |
| Total | 12 / 12 Passed | |