excessive-data-exposure-anti-pattern

Excessive Data Exposure occurs when APIs return more data than necessary for client functionality. This happens when endpoints serialize raw database objects or model classes without filtering sensitive fields. Attackers intercept API responses to access exposed PII, credentials, and internal system details, even when client-side UI hides this data.

Never serialize and return entire database objects or internal models. This exposes all object properties, including sensitive ones, assuming the client will filter what it needs.

過度資料暴露的安全反模式 (CWE-200)。在產生或查看 API 回應、資料庫查詢或資料序列化時使用。檢測傳回過多的數據，包括內部欄位、敏感屬性和相關記錄。 來源：igbuend/grimbard。

開啟你的終端機或命令列工具（如 Terminal、iTerm、Windows Terminal 等） 複製並執行以下指令：npx skills add https://github.com/igbuend/grimbard --skill excessive-data-exposure-anti-pattern 安裝完成後，技能將自動設定到你的 AI 程式設計環境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用