rest-graphql-debug

Facilitates debugging of REST and GraphQL APIs by isolating issues related to status codes, authentication, and schemas.

Security score: 0/100

The rest-graphql-debug skill was audited on Jun 11, 2026 and we found 33 security issues across 5 threat categories, including 1 high-severity. Review the findings below before installing.

Security Issues

high line 400

Template literal with variable interpolation in command context

Source: SKILL.md
400: - Never hardcode tokens in scripts. Read from env (`os.environ["API_TOKEN"]`) or `${HERMES_HOME:-~/.hermes}/.env`.
medium line 49

Curl to non-GitHub URL

Source: SKILL.md
49: terminal('curl -v https://api.example.com/users/1')
medium line 52

Curl to non-GitHub URL

Source: SKILL.md
52: terminal("""curl -X POST https://api.example.com/users \\
medium line 58

Curl to non-GitHub URL

Source: SKILL.md
58: terminal('curl -sI https://api.example.com/health')
medium line 61

Curl to non-GitHub URL

Source: SKILL.md
61: terminal('curl -s https://api.example.com/users | python3 -m json.tool')
medium line 67

Curl to non-GitHub URL

Source: SKILL.md
67: terminal("""curl -X POST https://api.example.com/graphql \\
medium line 113

Curl to non-GitHub URL

Source: SKILL.md
113: terminal('curl -v --connect-timeout 5 https://api.example.com/health')
medium line 147

Curl to non-GitHub URL

Source: SKILL.md
147: terminal('curl -vI https://api.example.com 2>&1 | grep -E "SSL|subject|expire|issuer"')
medium line 156

Curl to non-GitHub URL

Source: SKILL.md
156: terminal('curl -s -o /dev/null -w "%{http_code}\\n" -H "Authorization: Bearer $TOKEN" https://api.example.com/me')
medium line 177

Curl to non-GitHub URL

Source: SKILL.md
177: terminal("""curl -v -X POST https://api.example.com/endpoint \\
medium line 425

Curl to non-GitHub URL

Source: SKILL.md
425: terminal('curl -sI https://api.example.com')
medium line 499

Curl to non-GitHub URL

Source: SKILL.md
499: curl -X POST https://api.example.com/api/v1/users \
medium line 23

Webhook reference - potential data exfiltration

Source: SKILL.md
23: - Webhook / callback integration debugging
medium line 400

Access to hidden dotfiles in home directory

Source: SKILL.md
400: - Never hardcode tokens in scripts. Read from env (`os.environ["API_TOKEN"]`) or `${HERMES_HOME:-~/.hermes}/.env`.
medium line 400

Access to .env file

Source: SKILL.md
400: - Never hardcode tokens in scripts. Read from env (`os.environ["API_TOKEN"]`) or `${HERMES_HOME:-~/.hermes}/.env`.
low line 164

Base64 decode operation

Source: SKILL.md
164: print(json.dumps(json.loads(base64.urlsafe_b64decode(payload)), indent=2))
low line 49

External URL reference

Source: SKILL.md
49: terminal('curl -v https://api.example.com/users/1')
low line 52

External URL reference

Source: SKILL.md
52: terminal("""curl -X POST https://api.example.com/users \\
low line 58

External URL reference

Source: SKILL.md
58: terminal('curl -sI https://api.example.com/health')
low line 61

External URL reference

Source: SKILL.md
61: terminal('curl -s https://api.example.com/users | python3 -m json.tool')
low line 67

External URL reference

Source: SKILL.md
67: terminal("""curl -X POST https://api.example.com/graphql \\
low line 79

External URL reference

Source: SKILL.md
79: "https://api.example.com/graphql",
low line 98

External URL reference

Source: SKILL.md
98: "https://api.example.com/users/1",
low line 113

External URL reference

Source: SKILL.md
113: terminal('curl -v --connect-timeout 5 https://api.example.com/health')
low line 124

External URL reference

Source: SKILL.md
124: -o /dev/null -s https://api.example.com/endpoint''')
low line 147

External URL reference

Source: SKILL.md
147: terminal('curl -vI https://api.example.com 2>&1 | grep -E "SSL|subject|expire|issuer"')
low line 156

External URL reference

Source: SKILL.md
156: terminal('curl -s -o /dev/null -w "%{http_code}\\n" -H "Authorization: Bearer $TOKEN" https://api.example.com/me')
low line 177

External URL reference

Source: SKILL.md
177: terminal("""curl -v -X POST https://api.example.com/endpoint \\
low line 365

External URL reference

Source: SKILL.md
365: BASE_URL = os.environ.get("API_BASE_URL", "https://api.example.com")
low line 425

External URL reference

Source: SKILL.md
425: terminal('curl -sI https://api.example.com')
low line 438

External URL reference

Source: SKILL.md
438: base = "https://api.example.com"
low line 474

External URL reference

Source: SKILL.md
474: Base URL: https://api.example.com
low line 499

External URL reference

Source: SKILL.md
499: curl -X POST https://api.example.com/api/v1/users \
Scanned on Jun 11, 2026