← Back to plugins

backend-security-skills

Skill by souzavinny · 2 stars

Security auditor for Node.js and Python backend APIs. Four skills cover pre-audit reconnaissance (route graph, auth matrix, invariants), static code audit across the OWASP API Security Top 10 via 8 parallel agents (authz / authn / injection / deserialization-and-ssrf / crypto-and-secrets / resource-and-business-logic / config-and-supply-chain / llm-and-integration), and live HTTP probing that verifies findings with reproducible curl transcripts. Outputs markdown or JSON with severity + CWE + OWASP API Top 10 tags per finding. Built for Express, NestJS, Fastify, Koa, Next.js, FastAPI, Django, Flask, and Starlette.

/plugin install backend-security-skills@claude-community