pt-fuzzing-web-api

Performs authorized fuzzing of web applications and APIs to discover input validation failures, parser bugs, and stability issues. Use when testing HTTP endpoints, request parameters, payload handling, and error behavior under malformed or unexpected inputs.

95

1.41x
Quality: 92%. Does it follow best practices?

Impact: 99% (1.41x). Average score across 3 eval scenarios.

Security by Snyk: Risky. Do not use without reviewing.

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that excels across all dimensions. It clearly specifies the security testing domain (fuzzing), lists concrete capabilities (input validation, parser bugs, stability issues), and provides explicit trigger guidance with natural terminology. The description effectively distinguishes itself from general API or web testing skills through its focus on malformed inputs and fuzzing.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'fuzzing of web applications and APIs', 'discover input validation failures, parser bugs, and stability issues', 'testing HTTP endpoints, request parameters, payload handling, and error behavior'. | 3 / 3 |
| Completeness | Clearly answers both what (fuzzing to discover validation failures, parser bugs, stability issues) AND when ('Use when testing HTTP endpoints, request parameters, payload handling, and error behavior under malformed or unexpected inputs'). | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'fuzzing', 'web applications', 'APIs', 'HTTP endpoints', 'request parameters', 'payload', 'malformed inputs', 'input validation'. Good coverage of security testing terminology. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused on fuzzing and malformed input testing specifically. The combination of 'fuzzing', 'malformed inputs', 'parser bugs' creates a distinct security testing profile unlikely to conflict with general API testing or web development skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Implementation

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured fuzzing skill with excellent workflow clarity and appropriate conciseness. The main weakness is the lack of concrete, executable examples—no actual fuzzing payloads, curl commands, or tool-specific syntax are provided, making it more of a procedural guide than an immediately actionable skill.

Suggestions

Add concrete fuzzing payload examples (e.g., boundary values, encoding mutations, type confusion inputs) that Claude can directly use or adapt

Include executable command examples using common tools (curl with malformed headers, specific parameter mutations) rather than abstract descriptions

Provide a sample minimal failing payload format showing exactly what 'minimized payload' evidence should look like

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is lean and efficient, avoiding explanations of what fuzzing is or how HTTP works. Every section serves a purpose with no padding or unnecessary context. | 3 / 3 |
| Actionability | Provides clear workflow steps and a structured output template, but lacks concrete code examples, specific tool commands, or executable fuzzing payloads. The guidance is procedural rather than copy-paste ready. | 2 / 3 |
| Workflow Clarity | Clear 5-step sequence with explicit validation phase (step 4), stop conditions defined upfront, and a triage process that separates true defects from expected failures. Includes feedback loop for reproducing and minimizing payloads. | 3 / 3 |
| Progressive Disclosure | Well-organized single file with clear sections (Objectives, Workflow, Output Template, Quality Checks). For a skill of this scope (~60 lines), the structure is appropriate without needing external references. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills (Reviewed)
