excessive-data-exposure-anti-pattern

Excessive Data Exposure occurs when APIs return more data than necessary for client functionality. This happens when endpoints serialize raw database objects or model classes without filtering sensitive fields. Attackers intercept API responses to access exposed PII, credentials, and internal system details, even when client-side UI hides this data.

Never serialize and return entire database objects or internal models. This exposes all object properties, including sensitive ones, assuming the client will filter what it needs.

过度数据暴露的安全反模式 (CWE-200)。在生成或查看 API 响应、数据库查询或数据序列化时使用。检测返回过多的数据，包括内部字段、敏感属性和相关记录。 来源：igbuend/grimbard。

打开你的终端或命令行工具（如 Terminal、iTerm、Windows Terminal 等） 复制并运行以下命令：npx skills add https://github.com/igbuend/grimbard --skill excessive-data-exposure-anti-pattern 安装完成后，技能将自动配置到你的 AI 编程环境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用