How does this skill detect vulnerabilities?

The skill analyzes application endpoints to see if they lack protection and validates existing mechanisms like CSRF tokens, origin headers, and SameSite cookie attributes.

What is CSRF and why should I validate it?

Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated user to execute unwanted actions on a web application. Validating it ensures your users' sessions cannot be hijacked for unauthorized state changes.

Can I use this for API security?

Absolutely. It is designed to check both traditional web forms and modern API endpoints that handle sensitive data or state-changing operations.

Does this skill provide fix recommendations?

Yes, after identifying a vulnerability, the skill generates a detailed report including potential attack scenarios and specific remediation steps to secure the endpoint.

CSRF Protection Validator

Name: CSRF Protection Validator
Author: jeremylongshore

byjeremylongshore

•

884

•

セキュリティとテスト

Validates web application security by identifying Cross-Site Request Forgery (CSRF) vulnerabilities and auditing protection mechanisms.

This skill enables Claude to perform comprehensive security audits on web applications specifically targeting CSRF risks. It analyzes application endpoints, evaluates the effectiveness of implemented defenses like synchronizer tokens and SameSite cookie attributes, and generates detailed reports with remediation strategies. It is particularly useful for developers and security engineers who need to ensure their state-changing operations are secure against unauthorized cross-site requests during the development lifecycle.

主な機能

01Detailed reporting with attack scenarios and remediation guides

02Validation of synchronizer tokens and double-submit cookie patterns

03Verification of origin and referrer header validation

04Auditing of SameSite cookie attribute configurations

05Automated endpoint analysis for CSRF vulnerability identification

06884 GitHub stars

ユースケース

01Identifying unprotected API endpoints that handle sensitive data modifications

02Verifying that SameSite cookie settings are correctly implemented across an application

03Conducting a security posture audit before a production release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills skill-adapter

For use in Claude.ai and ChatGPT

Download Skill