Identifies cross-site scripting (XSS) vulnerabilities and improper output encoding in PHP applications.
This skill empowers Claude to perform automated security audits on PHP codebases by detecting dangerous output patterns that lead to XSS vulnerabilities. It scans for direct echoes of user input, raw template tags in Blade or Twig, unescaped JavaScript contexts, and insecure header injections. By providing specific severity classifications and structured remediation steps, it helps developers secure their web applications against common injection attacks while ensuring compliance with modern security best practices for output encoding.
主な機能
01Analyzes JavaScript, CSS, and URL contexts for injection risks
02Flags potential CRLF and header injection vulnerabilities
03Detects direct echo of raw user input and global variables
04Provides severity-rated findings with specific code fixes
05Identifies insecure Blade and Twig raw output filters
0645 GitHub stars
ユースケース
01Performing a pre-deployment security audit on a PHP web application
02Scanning legacy PHP templates for missing HTML entity encoding
03Ensuring third-party user content is safely handled in JavaScript contexts
