api-spectral

This Claude Skill provides an interactive HTTPS proxy for API security testing, enabling traffic interception, modification, and replay across HTTP/1-3 and WebSockets. It includes a Python scripting API for automation and supports multiple interfaces for debugging and testing API communications. Use it for security analysis, modifying requests/responses, and recording traffic for replay or HAR export.

This Claude Skill scans Python code for security vulnerabilities using Bandit SAST, detecting issues like hardcoded secrets, SQL injection, and insecure APIs. It generates security reports with severity classifications for CI/CD pipelines and provides remediation guidance with CWE/OWASP references. Use it to enforce Python security best practices during development workflows.

This Claude Skill performs Software Composition Analysis (SCA) using Synopsys Black Duck to scan dependencies for vulnerabilities, license risks, and supply chain threats. It maps findings to CVE, CWE, and OWASP frameworks and provides remediation guidance. Use it for continuous dependency monitoring in CI/CD pipelines and to assess open-source security and compliance.

dast-nuclei is a template-based vulnerability scanner that uses ProjectDiscovery's Nuclei to rapidly test for CVEs, OWASP Top 10 issues, and misconfigurations across web apps, APIs, and infrastructure. It's ideal for automated security checks in CI/CD pipelines and for scanning multiple targets with customizable severity thresholds. Developers can also create custom templates for organization-specific security patterns.