api-contract-tester
by Samuel Rose
Turn OpenAPI specs into exhaustive, framework-ready test suites covering happy paths, edge cases, and security gaps.
- Generate framework-ready test suites from OpenAPI specifications
- Identify boundary conditions and off-by-one errors in API endpoints
- Detect authentication vulnerabilities and security gaps in contract logic
$5
· or 25 creditsSecure checkout via Stripe
Included in download
- Generate framework-ready test suites from OpenAPI specifications
- Identify boundary conditions and off-by-one errors in API endpoints
- browser, network automation included
- Ready for Claude Code
Sample input
I need to test the user registration endpoint at /v1/users. Can you generate some Jest tests to validate the request body, specifically focusing on email validation errors?
Sample output
"test_user_registration_invalid_email": it("returns 422 when email is missing '@'", async () => { const res = await request(app).post("/v1/users").send({ email: "bad-email" }); expect(res.status).toBe(422); expect(res.body.errors).toContainEqual(expect.objectContaining({ field: "email" })); });
api-contract-tester
by Samuel Rose
Turn OpenAPI specs into exhaustive, framework-ready test suites covering happy paths, edge cases, and security gaps.
$5
· or 25 creditsSecure checkout via Stripe
Also available in a bundle
Included in download
- Generate framework-ready test suites from OpenAPI specifications
- Identify boundary conditions and off-by-one errors in API endpoints
- browser, network automation included
- Ready for Claude Code
- Instant install
Sample input
I need to test the user registration endpoint at /v1/users. Can you generate some Jest tests to validate the request body, specifically focusing on email validation errors?
Sample output
"test_user_registration_invalid_email": it("returns 422 when email is missing '@'", async () => { const res = await request(app).post("/v1/users").send({ email: "bad-email" }); expect(res.status).toBe(422); expect(res.body.errors).toContainEqual(expect.objectContaining({ field: "email" })); });
About This Skill
Exhaustive API Contract & Regression Testing
Transform your OpenAPI specs or Postman collections into professional-grade test suites. Unlike basic tools that only check for "200 OK" responses, this skill acts as a senior quality engineer to probe the boundaries of your API. It identifies off-by-one errors, authentication vulnerabilities, and schema mismatches before they reach production.
What it does
- Parse & Analyze: Extracts endpoints, schemas, and constraints from OpenAPI/Swagger, Postman, or raw code.
- Constraint Testing: Generates tests for min/max values, regex patterns, and enum boundaries.
- Security First: Automatically builds suites for missing tokens, malformed JWTs, and unauthorized cross-user access.
- Robust Validation: Checks for breaking changes between versions, including field removals and type shifts.
- Framework Flexibility: Generates code for Jest, Pytest, Vitest, Playwright, or curl scripts.
Why use this skill
Writing comprehensive API tests is tedious and manual. This skill automates the creation of "the tests developers forget"—such as testing rate-limit headers, pagination boundaries, and SQL injection strings. It ensures consistent error response formats and prevents internal stack traces from leaking to users. The result is a production-ready test suite with a detailed coverage report across 10 distinct categories.
Supported Outputs
- JavaScript/TypeScript: Jest, Vitest, Supertest, Playwright.
- Python: Pytest with requests or httpx.
- DevOps: Shell scripts using curl with assertions.
- Reporting: Markdown-based coverage reports across happy paths, auth, and edge cases.
Use Cases
- Generate framework-ready test suites from OpenAPI specifications
- Identify boundary conditions and off-by-one errors in API endpoints
- Detect authentication vulnerabilities and security gaps in contract logic
- Verify schema compliance against production-ready regression suites
Known Limitations
- Cannot execute/run tests; only generates the code.
- Cannot probe live private APIs without user-provided auth tokens or tunnel access.
- Inferences from raw code depend on language clarity.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/api-contract-tester -o /tmp/api-contract-tester.zip && unzip -o /tmp/api-contract-tester.zip -d ~/.claude/skills && rm /tmp/api-contract-tester.zipFree skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
Claude Code, Cursor, Windsurf, GitHub Copilot CLI, or any agent following the SKILL.md specification.
Also available in a bundle
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
consumer-motivation-analyzer
Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.
keyword-research
Transform URLs or product lists into SEO keyword research packs with Google Ads data and intent-based clustering.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.