From cybersecurity-skills
Parses API Gateway access logs (AWS, Kong, Nginx) to detect BOLA/IDOR, rate limit bypass, credential scanning, and injection attempts using pandas for statistical analysis.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:analyzing-api-gateway-access-logsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require analyzing api gateway access logs
Parse API gateway access logs to identify attack patterns including broken object level authorization (BOLA), excessive data exposure, and injection attempts.
import pandas as pd
df = pd.read_json("api_gateway_logs.json", lines=True)
# Detect BOLA: same user accessing many different resource IDs
bola = df.groupby(["user_id", "endpoint"]).agg(
unique_ids=("resource_id", "nunique")).reset_index()
suspicious = bola[bola["unique_ids"] > 50]
Key detection patterns:
# Detect 401 surges indicating credential scanning
auth_failures = df[df["status_code"] == 401]
scanner_ips = auth_failures.groupby("source_ip").size()
scanners = scanner_ips[scanner_ips > 100]
10plugins reuse this skill
First indexed Jun 5, 2026
Showing the 6 earliest of 10 plugins
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skillsParses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.
Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.
Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse.