This is a focused template for API security testing during bug bounty hunts. It covers fuzzing REST, SOAP, and GraphQL endpoints with techniques for finding authentication bypasses, IDOR vulnerabilities, and API-specific attack vectors. You'll need Burp Suite, wordlists like SecLists, and basic Python scripting skills. Originally from sickn33's antigravity collection and now maintained by davila7, it passed Gen Agent Trust Hub's audit but got warnings from Socket and failed Snyk's checks. If you're actively hunting for API bugs and want a structured approach to enumeration and exploitation, this gives you a solid starting framework rather than building attack patterns from scratch.
npx skills add https://github.com/davila7/claude-code-templates --skill api-fuzzing-for-bug-bounty