api-security-testing

Run both a 42Crunch Audit and a live Scan together in a single pipeline. Use this skill when the user wants to run audit and scan together, complete the full security pipeline, or when the request is ambiguous about which phase to run. Triggers on phrases like "run audit and scan", "full 42crunch pipeline", "full security check", "audit then scan", "42crunch", or "SQG". Do NOT use this skill if the user explicitly requests only an audit (use 42crunch-audit) or only a scan (use 42crunch-scan).

Run a 42Crunch API Security Audit and fix SQG-blocking issues in an OpenAPI Specification file. Use this skill whenever the user wants to audit an OAS file for security issues, fix SQG-blocking issues, score an API, apply data dictionary enrichment, or remediate audit findings. Triggers on phrases like "run audit", "audit only", "fix audit issues", "SQG audit", "42crunch audit", "audit score", or any request focused on static OAS analysis and remediation without running a live scan.

Run a 42Crunch live conformance and authorization scan against an API and fix SQG-blocking scan findings. Use this skill whenever the user wants to run a conformance test, authorization scan, BOLA test, BFLA test, generate or configure a scan config, or fix scan-reported issues. Triggers on phrases like "run scan", "scan only", "conformance test", "BOLA test", "BFLA test", "42crunch scan", "scan config", or any request focused on live API testing without running a static audit. Use 42crunch-api-security-testing when the user wants both audit and scan together.

Set up the 42Crunch environment so that audit and scan skills can run without friction. Use this skill whenever the user wants to configure 42Crunch for the first time, install or update the 42c-ast binary, configure an API key, or troubleshoot missing credentials or binary errors. Triggers on phrases like "setup 42crunch", "configure 42crunch", "install 42c-ast", "update 42c-ast", "set api key", "42crunch not working", "binary not found", or any request to prepare the environment before running an audit or scan.

Analyze an entire API codebase and generate an accurate OpenAPI Specification (OAS 3.0) file from the source code. Use this skill whenever the user wants to generate, create, or derive an OpenAPI spec from code, reverse-engineer an API definition, or document an existing API. Triggers on phrases like "generate OAS from code", "create OpenAPI spec", "document my API", "reverse-engineer spec", "write openapi.json from my codebase", or any request to produce an OAS file by reading source files rather than an existing spec.