Api Expert

🌐Community
by martinholovsky · vlatest · Repository

Provides API guidance and assistance for agent workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add api-expert npx -- -y @trustedskills/api-expert

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "api-expert": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/api-expert"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill provides expert guidance on API design and architecture for AI agent workflows. It keeps API implementations aligned with industry standards, guards against common pitfalls such as hallucinated specifications, and prioritizes security. The skill uses available tools like code searches and web access to verify specifications before generating or implementing any API-related code. It's designed to help agents create secure, scalable, consistent, and developer-friendly APIs.

When to use it

  • When designing new REST APIs or integrating with existing ones.
  • When you need assistance with authentication protocols like OAuth2 and JWT.
  • To ensure API implementations comply with the OWASP API Security Top 10 (2023).
  • When implementing pagination strategies (offset, cursor-based, keyset) for large datasets.
  • To verify HTTP status code meanings or OpenAPI schema options before implementation.

Key capabilities

  • Expertise in REST API design principles: resource modeling, HTTP methods, status codes, HATEOAS, Richardson Maturity Model.
  • Knowledge of API standards including OpenAPI 3.1, JSON:API, HAL, and Problem Details (RFC 7807).
  • Familiarity with various API paradigms: REST, GraphQL, gRPC, WebSocket, Server-Sent Events.
  • Understanding of authentication methods like OAuth2, JWT, API keys, mTLS, and OIDC.
  • Ability to verify HTTP status codes (RFC 7231), OpenAPI schema fields against the 3.1 specification, and OWASP categories.
  • Access to tools for code searching, web searches, and fetching official RFC documents.

Example prompts

  • "What is the correct HTTP status code for a successful resource creation?"
  • "Verify the current OAuth2 grant types."
  • "Show me examples of cursor-based pagination in OpenAPI 3.1."
  • "Check the OWASP API Security Top 10 (2023) guidance on input validation."

Tips & gotchas

  • Mandatory Verification: Always verify any API specification, header, or standard before implementing code. If certainty is below 80%, STOP and verify.
  • Hallucination Risk: This skill deals with a high-risk area (API security). Be extremely cautious about "invented" specifications or patterns – they can lead to integration failures and security vulnerabilities.
  • Documentation Required: When providing API code, always cite the official specification used for verification.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: martinholovsky
  • Installs: 76

Passed automated security scans.