api-guardian
Adds API security auditing agents, commands, and skills for governance and OWASP compliance.
Summary
API Guardian adds security auditing agents, commands, and skills to Claude Code for enforcing API governance and OWASP compliance. It helps developers identify vulnerabilities, validate API contracts, and generate security reports directly in their workflow.
Install & Usage
mkdir -p .claude/skills
mkdir -p .claude/skills && curl -o .claude/skills/api-guardian.md https://raw.githubusercontent.com/mrlm-xyz/demo-claude-marketplace/main/SKILL.md
/api-guardian
Use Cases
Usage Examples
/api-guardian audit /api/v2/users --owasp
Scan my OpenAPI spec at ./openapi.yaml for security issues
Generate a compliance report for all endpoints in the payment service
Security Audits
Frequently Asked Questions
What is api-guardian?
API Guardian adds security auditing agents, commands, and skills to Claude Code for enforcing API governance and OWASP compliance. It helps developers identify vulnerabilities, validate API contracts, and generate security reports directly in their workflow.
How to install api-guardian?
To install api-guardian: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/api-guardian.md https://raw.githubusercontent.com/mrlm-xyz/demo-claude-marketplace/main/SKILL.md. Finally, run /api-guardian in Claude Code.
What is api-guardian best for?
api-guardian is a skill categorized under General. It is designed for: security, api, agent. Created by Martin Hrášek.
What can I use api-guardian for?
api-guardian is useful for: Audit an API endpoint for OWASP Top 10 vulnerabilities like injection or broken authentication; Validate OpenAPI/Swagger specs against security best practices and organizational policies; Generate a security compliance report for a set of APIs before a production release; Scan API traffic logs for suspicious patterns or potential data exposure; Enforce rate limiting and authentication checks in API gateway configurations; Review API documentation for missing security headers or improper error handling.