api-inventory-scanner
Discover and document existing API endpoints from code, logs, and traffic analysis
Best use case
api-inventory-scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Discover and document existing API endpoints from code, logs, and traffic analysis
Teams using api-inventory-scanner should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/api-inventory-scanner/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How api-inventory-scanner Compares
| Feature / Agent | api-inventory-scanner | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Discover and document existing API endpoints from code, logs, and traffic analysis
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# API Inventory Scanner Skill
Discovers and documents existing API endpoints through code analysis, log inspection, and traffic analysis.
## Purpose
Enable API discovery for:
- Endpoint discovery
- Request/response format extraction
- Authentication method detection
- Rate limit identification
- Consumer mapping
## Capabilities
### 1. Endpoint Discovery
- Parse route definitions
- Analyze controller code
- Inspect API frameworks
- Find undocumented endpoints
### 2. Request/Response Format Extraction
- Extract request schemas
- Document response formats
- Identify query parameters
- Map headers and cookies
### 3. Authentication Method Detection
- Identify auth mechanisms
- Document token formats
- Map permission requirements
- Catalog security schemes
### 4. Rate Limit Identification
- Find rate limit configurations
- Document throttling rules
- Identify quotas
- Map limit tiers
### 5. Consumer Mapping
- Identify API consumers
- Track usage patterns
- Map client dependencies
- Document integrations
### 6. Usage Pattern Analysis
- Analyze access logs
- Identify hot endpoints
- Track response times
- Map error rates
## Tool Integrations
| Tool | Purpose | Integration Method |
|------|---------|-------------------|
| Swagger Inspector | Traffic capture | GUI |
| Postman | Collection building | API |
| Code parsers | Route extraction | CLI |
| Log analyzers | Traffic analysis | CLI |
| APM tools | Usage metrics | API |
## Output Schema
```json
{
"scanId": "string",
"timestamp": "ISO8601",
"endpoints": [
{
"path": "string",
"method": "string",
"description": "string",
"parameters": [],
"requestBody": {},
"responses": {},
"authentication": "string",
"rateLimit": {},
"consumers": [],
"metrics": {}
}
],
"summary": {
"totalEndpoints": "number",
"documented": "number",
"undocumented": "number"
}
}
```
## Integration with Migration Processes
- **api-modernization**: API inventory
- **integration-migration**: Integration mapping
## Related Skills
- `openapi-generator`: Spec generation
- `api-compatibility-analyzer`: Version analysis
## Related Agents
- `api-modernization-architect`: API designRelated Skills
component-inventory
Audit and inventory existing UI components in a codebase
security-scanner
Run security scans including SAST, dependency scanning, and secret detection
secret-detection-scanner
Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, passwords, check environment files, monitor CI/CD logs for exposure, generate remediation steps, and track secret rotation status.
owasp-security-scanner
Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.
iac-security-scanner
Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
git-forensics-scanner
Git diff forensics for surfacing and classifying code changes for trojan detection
gcp-security-scanner
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
dast-scanner
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.
container-security-scanner
Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance
azure-security-scanner
Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
aws-security-scanner
AWS security configuration scanning and hardening using Prowler, Security Hub, and AWS Config
tech-stack-scanner
Automated technical architecture review, security assessment, scalability analysis