What cookie attributes does it validate?

It focuses on SameSite attributes (Strict, Lax) and Secure/HttpOnly flags to ensure session cookies are not vulnerable to being sent in cross-site contexts.

Can it fix the vulnerabilities automatically?

While it primarily identifies and reports vulnerabilities, it provides specific remediation recommendations that Claude can use to help you implement the necessary security patches.

How does this skill detect CSRF vulnerabilities?

It analyzes application code and endpoints to check for the absence of synchronizer tokens, improper cookie configurations, and lack of origin validation on state-changing requests.

When should I use this skill?

Use it whenever you are adding new routes, performing a security review, or when you need to verify that your application's CSRF middleware is correctly configured.

Does it support checking modern API endpoints?

Yes, it specifically scans for state-changing API operations (POST, PUT, DELETE) that might be vulnerable to cross-origin attacks if they lack proper validation.

CSRF Security Validator

Name: CSRF Security Validator
Author: intent-solutions-io

byintent-solutions-io

セキュリティとテスト

Audits web applications for Cross-Site Request Forgery vulnerabilities by validating security tokens, cookie attributes, and endpoint protections.

概要

The CSRF Security Validator is a specialized tool for Claude Code designed to enhance the security posture of web applications by identifying Cross-Site Request Forgery (CSRF) vulnerabilities. It automatically analyzes application endpoints to detect missing protections, validates the implementation of synchronizer tokens and double-submit cookies, and verifies that SameSite cookie attributes and origin headers are correctly configured. This skill is essential for developers and security engineers who need to perform rapid security audits, generate vulnerability reports, and ensure that all state-changing operations are adequately protected against unauthorized cross-origin requests.

主な機能

Validation of synchronizer tokens and double-submit cookies
Origin validation and request header integrity checking
Comprehensive endpoint scanning for CSRF protection gaps
0 GitHub stars
Automated generation of detailed vulnerability remediation reports
Analysis of SameSite cookie attributes and secure configurations

ユースケース

Auditing web application security during the development lifecycle
Identifying unprotected API endpoints that handle sensitive data
Verifying the effectiveness of implemented security middleware

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla skill-adapter

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要