OWASP ZAP API Fuzzer

Automates REST API security testing using the OWASP ZAP Python SDK. Runs active scans, SQL injection probes, and XSS tests against OpenAPI specs with structured vulnerability reports.

Security & Verification OpenClaw Security Reviewed
Tool match: owasp, ⭐ 15k GitHub stars, Apache-2.0 license
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill owasp-zap-api-fuzzer
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Last updated: Mar 24, 2026
How it works

What this skill actually does

This skill provides automated tooling for OWASP ZAP API fuzzing workflows. It integrates directly with your development pipeline, offering configurable scanning depth, custom rule definitions, and structured output formats compatible with major CI/CD platforms. The agent handles authentication, rate limiting, and retry logic internally, so you can focus on reviewing results rather than managing infrastructure. It supports both interactive and headless operation modes, with JSON and SARIF output for downstream processing, and includes built-in caching to minimize redundant API calls across sequential runs.