TopRank Skills

Official OpenClaw rules 54%

Api Security

API Security Best Practices

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

Please first check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md and then install the Api Security skill. If it is already installed, install the Api Security skill directly.

Overview

Skill Key: brandonwise/api-security
Author: brandonwise
Source Repo: openclaw/skills
Version: -
Source Path: skills/brandonwise/api-security
Latest Commit SHA: 6daac03c6cbb27132ed15bf194b69b5fce3a8827

Extracted Content

SKILL.md excerpt

# API Security Best Practices

Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities.

## Description

USE WHEN:
- Designing new API endpoints
- Securing existing APIs
- Implementing authentication and authorization (JWT, OAuth 2.0, API keys)
- Setting up rate limiting and throttling
- Protecting against injection attacks (SQL, XSS, command)
- Conducting API security reviews or preparing for audits
- Handling sensitive data in APIs
- Building REST, GraphQL, or WebSocket APIs

DON'T USE WHEN:
- Need vulnerability scanning (use `vulnerability-scanner` skill)
- Building frontend-only apps with no API
- Need network-level security (firewalls, WAF config)

OUTPUTS:
- Secure authentication implementations (JWT, refresh tokens)
- Input validation schemas (Zod, Joi)
- Rate limiting configurations
- Security middleware examples
- OWASP API Top 10 compliance guidance

---

## How It Works

### Step 1: Authentication & Authorization

- Choose authentication method (JWT, OAuth 2.0, API keys)
- Implement token-based authentication
- Set up role-based access control (RBAC)
- Secure session management
- Implement multi-factor authentication (MFA)

### Step 2: Input Validation & Sanitization

- Validate all input data
- Sanitize user inputs
- Use parameterized queries
- Implement request schema validation
- Prevent SQL injection, XSS, and command injection

### Step 3: Rate Limiting & Throttling

- Implement rate limiting per user/IP
- Set up API throttling
- Configure request quotas
- Handle rate limit errors gracefully
- Monitor for suspicious activity

### Step 4: Data Protection

- Encrypt data in transit (HTTPS/TLS)
- Encrypt sensitive data at rest
- Implement proper error handling (no data leaks)
- Sanitize error messages
- Use secure headers
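
As an added example (not code from this skill or the openclaw/skills repository), the following plain JavaScript carries Steps 2 to 4 through one request: a Zod-style schema validator that rejects unknown fields, a parameterized SQL statement whose values never touch the query text, a token-bucket rate limiter that yields a `Retry-After` value, and an error translator that keeps driver messages and stack traces out of the response. The schema, the `{ ip, body }` request shape, the header set and all function names are assumptions chosen for the illustration; only Node built-ins are used, so it runs without a framework.

```javascript
// Added example (not the skill's own code): plain-function versions of Steps 2 to 4 that work
// with any Node HTTP framework. The schema, request shape and names are constructed here.
// ---------- Step 2: request schema validation (Zod-style rule table) ----------
const createUserSchema = {
  username: { type: 'string', pattern: /^[a-z0-9_]{3,32}$/ },
  email:    { type: 'string', pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, maxLength: 254 },
  age:      { type: 'number', min: 0, max: 150, optional: true },
};

// Validate a parsed JSON body. Unknown keys are rejected so fields such as "isAdmin" never
// reach the data layer. Returns { ok: true, value } or { ok: false, errors }.
function validate(schema, input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = Object.keys(input).filter((k) => !(k in schema)).map((k) => `unknown field: ${k}`);
  const value = {};
  for (const [key, rule] of Object.entries(schema)) {
    const v = input[key];
    if (v === undefined) { if (!rule.optional) errors.push(`${key} is required`); continue; }
    if (typeof v !== rule.type) { errors.push(`${key} must be a ${rule.type}`); continue; }
    if (rule.type === 'string' && rule.maxLength && v.length > rule.maxLength) errors.push(`${key} is too long`);
    else if (rule.type === 'string' && rule.pattern && !rule.pattern.test(v)) errors.push(`${key} has an invalid format`);
    else if (rule.type === 'number' && !(Number.isFinite(v) && v >= rule.min && v <= rule.max)) errors.push(`${key} is out of range`);
    else value[key] = v;
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}
// Parameterized statement: the SQL text is a constant with placeholders and the validated
// values travel separately, so user data is never spliced into the query string.
function buildInsertUser(user) {
  return {
    text: 'INSERT INTO users (username, email, age) VALUES ($1, $2, $3)',
    values: [user.username, user.email, user.age ?? null],
  };
}
// ---------- Step 3: token-bucket rate limiter keyed per user id or client IP ----------
class RateLimiter {
  constructor({ capacity, refillPerSecond }) {
    this.capacity = capacity;
    this.refillPerSecond = refillPerSecond;
    this.buckets = new Map(); // key -> { tokens, lastMs }
  }
  // Returns { allowed, remaining, retryAfterSeconds }; the last value feeds a Retry-After header.
  take(key, nowMs = Date.now()) {
    const b = this.buckets.get(key) ?? { tokens: this.capacity, lastMs: nowMs };
    b.tokens = Math.min(this.capacity, b.tokens + ((nowMs - b.lastMs) / 1000) * this.refillPerSecond);
    b.lastMs = nowMs;
    this.buckets.set(key, b);
    if (b.tokens < 1) {
      return { allowed: false, remaining: 0, retryAfterSeconds: Math.ceil((1 - b.tokens) / this.refillPerSecond) };
    }
    b.tokens -= 1;
    return { allowed: true, remaining: Math.floor(b.tokens), retryAfterSeconds: 0 };
  }
}

// ---------- Step 4: sanitized error responses and secure headers ----------
class ValidationError extends Error {
  constructor(details) { super('Invalid request'); this.status = 400; this.details = details; this.expose = true; }
}

// Only errors explicitly marked `expose` reach the client with their message. Anything else
// (driver errors, stack traces, connection strings) becomes a generic 500; detail goes to logs only.
function toClientError(err) {
  const safe = Boolean(err && err.expose === true);
  return {
    status: safe ? err.status : 500,
    body: safe ? { error: err.message, details: err.details ?? [] } : { error: 'Internal server error' },
    serverLog: `${err && err.name}: ${err && err.message}`, // for the server log, never the response
  };
}

const SECURE_HEADERS = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src 'none'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
  'Cache-Control': 'no-store',
};

// One request through all three layers (constructed request shape: { ip, body }).
function handleCreateUser(req, limiter, nowMs = Date.now()) {
  const rl = limiter.take(req.ip, nowMs);
  if (!rl.allowed) {
    return { status: 429, headers: { ...SECURE_HEADERS, 'Retry-After': String(rl.retryAfterSeconds) }, body: { error: 'Too many requests' } };
  }
  try {
    const v = validate(createUserSchema, req.body);
    if (!v.ok) throw new ValidationError(v.errors);
    const query = buildInsertUser(v.value); // would be handed to db.query(query.text, query.values)
    return { status: 201, headers: SECURE_HEADERS, body: { ok: true, query } };
  } catch (err) {
    const { status, body } = toClientError(err);
    return { status, headers: SECURE_HEADERS, body };
  }
}
```

The order inside `handleCreateUser` is deliberate: the rate limiter runs before the body is parsed or validated, so a flood of malformed requests costs only a map lookup, and the `catch` funnels every failure through `toClientError`, so a thrown driver error can never reach the client unsanitized.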

---

## JWT Authentication Implementation

### Generate Secure JWT Tokens

```javascript
// auth.js
const jwt = require('jsonwebt...
```
