Skill Detail

Test API authorization flows with Hadrian

Lets an agent exercise REST, GraphQL, and gRPC authorization paths with YAML-defined role tests so BOLA, BFLA, broken authentication, and related API flaws are caught before release.

Security & Verification Multi-Framework Security Reviewed
โญ 38 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill hadrian-api-authorization-security-testing
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required
Go or a prebuilt Hadrian binary, plus a target API definition or endpoint and role/auth configuration files such as roles.yaml and auth.yaml.
Install & setup
Install from source with go install github.com/praetorian-inc/hadrian/cmd/hadrian@latest, or download a prebuilt binary from the repository releases. Supply the target API plus roles.yaml and auth.yaml, then run hadrian test rest, hadrian test graphql, or hadrian test grpc for the protocol you need to verify.
Author: Praetorian
Publisher: Company
Last updated: Apr 13, 2026
Quick brief

Use Hadrian when an agent needs to test API authorization behavior instead of merely calling endpoints. It fits review and release workflows where the agent should replay requests as different roles, compare allowed versus denied actions, and surface OWASP API Top 10 issues such as broken object-level authorization, broken function-level authorization, and broken authentication across REST, GraphQL, and gRPC services.

How it works

What this skill actually does

This is skill-shaped because the workflow is narrow and operational: validate access-control boundaries with template-driven API tests and mutation-style verification. It is not a generic pentest platform, full DAST suite, or catch-all security product listing. Invoke it when the agent needs to verify role boundaries and authorization logic inside an API workflow.