Skip to main content

api-mitmproxy

Facilitates API security testing with traffic interception, modification, and replay capabilities using an interactive HTTPS proxy.

Install this skill

or
64/100

Security score

The api-mitmproxy skill was audited on Feb 28, 2026 and we found 14 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 260

Access to /etc/passwd

SourceSKILL.md
260payloads = ["' OR '1'='1", "<script>alert(1)</script>", "../../../etc/passwd"]
medium line 260

Path traversal to sensitive directory

SourceSKILL.md
260payloads = ["' OR '1'='1", "<script>alert(1)</script>", "../../../etc/passwd"]
medium line 207

Access to hidden dotfiles in home directory

SourceSKILL.md
2071. Push certificate to device: `adb push ~/.mitmproxy/mitmproxy-ca-cert.cer /sdcard/`
low line 431

Access to hidden dotfiles in home directory

SourceSKILL.md
431ls ~/.mitmproxy/
low line 434

Access to hidden dotfiles in home directory

SourceSKILL.md
434rm -rf ~/.mitmproxy/
low line 20

External URL reference

SourceSKILL.md
20- https://mitmproxy.org/
low line 47

External URL reference

SourceSKILL.md
47# Start web interface (default: http://127.0.0.1:8081)
low line 163

External URL reference

SourceSKILL.md
163mitmproxy --mode reverse:https://api.example.com --listen-host 0.0.0.0 --listen-port 443
low line 186

External URL reference

SourceSKILL.md
186mitmproxy --mode reverse:https://api.example.com --listen-port 443
low line 192

External URL reference

SourceSKILL.md
192mitmproxy --mode upstream:http://corporate-proxy:8080
low line 202

External URL reference

SourceSKILL.md
2022. Visit http://mitm.it
low line 353

External URL reference

SourceSKILL.md
353export HTTP_PROXY=http://localhost:8080
low line 354

External URL reference

SourceSKILL.md
354export HTTPS_PROXY=http://localhost:8080
low line 483

External URL reference

SourceSKILL.md
483- [OWASP API Security Top 10](https://owasp.org/www-project-api-security/)
Scanned on Feb 28, 2026
View Security Dashboard
Installation guide →
GitHub Stars 278
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawapitestingml-ai-engineerdata-analystqa-engineerbackend-developersecurity-engineerdevelopmentdata analytics
aiskillstore/marketplace