Can it analyze different programming contexts?

Yes, it performs context-aware analysis, meaning it understands the different security requirements for HTML attributes, JavaScript blocks, and URL parameters.

How do I start an XSS scan with this skill?

You can trigger the scan by asking Claude to 'check for XSS' or by using the shortcut command '/xss' followed by the file or directory name.

Is this skill suitable for production code?

Absolutely. It is designed to be used during development, security audits, and as a final check before deploying web applications to production environments.

What types of vulnerabilities does it detect?

The skill identifies the three main types of XSS: reflected (immediate), stored (persistent in databases), and DOM-based (client-side) vulnerabilities.

Does it offer code fixes for security issues?

Yes, for every vulnerability found, the skill provides a detailed report including the affected code snippet and specific suggestions for sanitization and escaping.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

883

•

セキュリティとテスト

Scans web application code to identify and remediate reflected, stored, and DOM-based Cross-Site Scripting (XSS) vulnerabilities.

The XSS Vulnerability Scanner skill empowers Claude to proactively audit your codebase for security flaws that could lead to Cross-Site Scripting attacks. By analyzing HTML, JavaScript, CSS, and URL contexts, this skill detects how user input is handled and identifies potential exploit vectors. It provides developers with detailed reports, safe proof-of-concept payloads, and specific remediation advice—such as sanitization library recommendations—to ensure web applications are secure before they reach production.

主な機能

01Automated detection of reflected, stored, and DOM-based XSS

02Context-aware analysis across HTML, JS, and CSS files

03Shortcut command support via /xss for rapid security checks

04Actionable remediation guidance with sanitization best practices

05WAF bypass testing and payload simulation for robust defense

06883 GitHub stars

ユースケース

01Validating the effectiveness of existing Content Security Policies (CSP)

02Testing input fields like search bars and comment forms for injection flaws

03Conducting security audits during the pull request and code review process

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills skill-adapter

For use in Claude.ai and ChatGPT

Download Skill