What kind of vulnerabilities can it detect?

It identifies missing CSRF tokens, insecure HTTP actions, improper input validation, exposed sensitive data in hidden fields, and dangerous state-changing GET requests.

Can I use this for bug bounty hunting?

Yes, it is specifically designed from a 'Bounty Hunter' perspective to help identify high-value vulnerabilities like IDOR and CSRF that typically command significant rewards.

Are the security checks aligned with industry standards?

Yes, the analysis maps findings to OWASP categories and CWE identifiers, providing professional-grade context for every vulnerability found.

How do I integrate this into my workflow?

You can run it via the Claude Code interface to analyze specific HTML files. For dynamic testing, it can be paired with other skills like playwright-security-runner.

Does this tool send live requests to my server?

No, this is a static analysis tool that only reads and inspects your HTML source code. It does not send payloads or interact with your server, making it 100% safe to run.

Form Security Analyzer

Name: Form Security Analyzer
Author: naporin0624

bynaporin0624

•

Seguridad y Pruebas

Performs automated static security audits on HTML forms to identify vulnerabilities like missing CSRF protection and insecure data handling.

Acerca de

The Form Security Analyzer is a specialized Claude Code Skill designed for security professionals and web developers to conduct non-intrusive static audits of HTML forms. It scans source code to detect critical security flaws, including missing CSRF tokens, insecure action URLs, and sensitive data exposure in hidden fields, providing a bounty hunter perspective on potential exploits. By focusing purely on code inspection without sending live network requests, it offers a fast, safe, and reliable way to strengthen frontend security and identify OWASP-aligned vulnerabilities before deployment.

Características Principales

Detection of dangerous patterns like state-changing GET requests
Hidden field analysis for sensitive data exposure
2 GitHub stars
Insecure HTTP action URL detection
Automated CSRF protection and token verification
Password security and autocomplete configuration checks

Casos de Uso

Automated compliance checking for secure frontend development standards
Static reconnaissance for bug bounty hunting and penetration testing
Pre-deployment security auditing of web application forms

Acerca de

Características Principales

Detection of dangerous patterns like state-changing GET requests
Hidden field analysis for sensitive data exposure
2 GitHub stars
Insecure HTTP action URL detection
Automated CSRF protection and token verification
Password security and autocomplete configuration checks

Casos de Uso

Automated compliance checking for secure frontend development standards
Static reconnaissance for bug bounty hunting and penetration testing
Pre-deployment security auditing of web application forms