hunt-api-misconfig
Identifies and exploits API security misconfigurations, including mass assignment, JWT vulnerabilities, and CORS issues.
Security score: 88/100
The hunt-api-misconfig skill was audited on May 29, 2026 and we found 4 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
medium line 50
Node child_process module reference
Source: SKILL.md
| 50 | - **`hunt-rce`** — Prototype pollution gadgets in Node.js dependencies (lodash, mongoose, jQuery) reach `child_process.spawn`. Chain primitive: Prototype pollution (`__proto__.shell=true`) + `hunt-rce |
medium line 39
Curl to non-GitHub URL
Source: SKILL.md
| 39 | curl -s -I -H "Origin: https://evil.com" https://target.com/api/user/me |
low line 39
External URL reference
Source: SKILL.md
| 39 | curl -s -I -H "Origin: https://evil.com" https://target.com/api/user/me |
low line 40
External URL reference
Source: SKILL.md
| 40 | # If: Access-Control-Allow-Origin: https://evil.com + Access-Control-Allow-Credentials: true |
Scanned on May 29, 2026