api-mock
Generates API mocks and stub servers efficiently from OpenAPI specs, optimizing token usage for testing and development.
Install this skill
Security score
The api-mock skill was audited on Feb 9, 2026 and we found 33 security issues across 4 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 227 | ```bash |
Template literal with variable interpolation in command context
| 425 | rest.get(`${baseURL}/api/users`, (req, res, ctx) => { |
Template literal with variable interpolation in command context
| 436 | rest.get(`${baseURL}/api/users/:id`, (req, res, ctx) => { |
Template literal with variable interpolation in command context
| 451 | rest.post(`${baseURL}/api/users`, async (req, res, ctx) => { |
Template literal with variable interpolation in command context
| 465 | rest.get(`${baseURL}/api/error`, (req, res, ctx) => { |
Template literal with variable interpolation in command context
| 614 | console.log(`${req.method} ${req.url}`); |
Template literal with variable interpolation in command context
| 867 | console.log(` Users: ${db.users.length}`); |
Template literal with variable interpolation in command context
| 868 | console.log(` Posts: ${db.posts.length}`); |
Template literal with variable interpolation in command context
| 869 | console.log(` Comments: ${db.comments.length}`); |
Curl to non-GitHub URL
| 936 | curl http://localhost:4010/api/users |
Curl to non-GitHub URL
| 937 | curl http://localhost:4010/api/users/1 |
Curl to non-GitHub URL
| 938 | curl -X POST http://localhost:4010/api/users \ |
Fetch to external URL
| 1149 | const response = await fetch('http://localhost:3001/users'); |
Access to .env file
| 421 | const baseURL = process.env.API_BASE_URL || 'http://localhost:3000'; |
Access to .env file
| 617 | if (process.env.MOCK_DELAY) { |
Access to .env file
| 618 | setTimeout(next, parseInt(process.env.MOCK_DELAY)); |
External URL reference
| 386 | echo "Mock API will be available at: http://localhost:4010" |
External URL reference
| 421 | const baseURL = process.env.API_BASE_URL || 'http://localhost:3000'; |
External URL reference
| 659 | echo "Mock API will be available at: http://localhost:3001" |
External URL reference
| 707 | https://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-standalone/2.35.0/wiremock-standalone-2.35.0.jar |
External URL reference
| 730 | echo "Mock API will be available at: http://localhost:8080" |
External URL reference
| 920 | **Server URL:** http://localhost:4010 |
External URL reference
| 936 | curl http://localhost:4010/api/users |
External URL reference
| 937 | curl http://localhost:4010/api/users/1 |
External URL reference
| 938 | curl -X POST http://localhost:4010/api/users \ |
External URL reference
| 1005 | **Server URL:** http://localhost:3001 |
External URL reference
| 1071 | **Server URL:** http://localhost:8080 |
External URL reference
| 1106 | --proxy-all="http://real-api.com" |
External URL reference
| 1135 | API_BASE_URL=http://localhost:3001 |
External URL reference
| 1149 | const response = await fetch('http://localhost:3001/users'); |
External URL reference
| 1336 | - Prism documentation from [Stoplight](https://meta.stoplight.io/docs/prism/) |
External URL reference
| 1337 | - MSW patterns from [MSW documentation](https://mswjs.io/) |
External URL reference
| 1339 | - WireMock from [WireMock documentation](http://wiremock.org/) |