ClaudSkills / Security / appsec-tools

Sast Graphql

Quality score: 70/100  ·  Category: Security  ·  Sub-category: appsec-tools
Detect GraphQL injection vulnerabilities in a codebase using a three-phase approach: recon (confirm GraphQL usage and find unsafe operation document assembly sites), batched verify (trace user input to those sites in parallel subagents, up to 3 candidate sites each), and merge (consolidate batch results). Requires sast/architecture.md (run sast-analysis first). Outputs findings to sast/graphql-results.md. If no GraphQL technology is found in Phase 1, later phases are skipped. Use when asked to find GraphQL injection, unsafe GraphQL document construction, or operation string injection bugs.

What this skill does

Sast Graphql is a production-ready Claude Code skill (quality score 70/100) in the appsec-tools sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/sast-graphql/ and loads when your prompt matches the skill's trigger.

When to invoke it: Use when asked to find GraphQL injection, unsafe GraphQL document construction, or operation string injection bugs.

Who uses this skill

The Sast Graphql skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It is part of the open ClaudSkills registry, a community-curated catalog of 15,000+ capabilities you can install for Claude Code — the Claude CLI agent.

How to install

Free

Manual install (2 steps)

mkdir -p ~/.claude/skills/sast-graphql
curl -L https://claudskills.com/skills/sast-graphql/SKILL.md \
  -o ~/.claude/skills/sast-graphql/SKILL.md

Or just download SKILL.md directly and drop it into ~/.claude/skills/sast-graphql/. Claude Code auto-discovers it on next session.

Skills live at ~/.claude/skills/sast-graphql/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\sast-graphql\SKILL.md on Windows. See the full install guide for step-by-step instructions.

Pro

One-click install via the desktop app

The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.

More Security skills

Browse all Security skills in the ClaudSkills registry, or explore these top-rated picks from the same category:

Browse all Security skills → Top 100 skills
Part of ClaudSkills — the open registry for Claude Code skills.  ·  What's New  ·  Install guide  ·  About  ·  llms.txt

Part of Acreator Store — Adam Lankamer's AI tools: GifPerfect · AspectPerfect · SlomoPerfect · Ucaption · UTagger · AutoXPoster · TestYourSkills