Can it help with Content Security Policy (CSP)?

Absolutely. It helps test the effectiveness of your CSP by identifying injection vectors that the policy should ideally block or mitigate.

Is this skill meant for production use?

This skill is best used during the development and code review phases to identify and mitigate risks before code is deployed to production.

What types of XSS can this skill detect?

It identifies reflected, stored, and DOM-based XSS vulnerabilities by analyzing code context and how user input is handled in HTML, JS, and CSS.

How do I trigger an XSS scan?

You can use the shortcut command '/xss' or ask Claude to 'scan for XSS vulnerabilities' in a specific file, directory, or feature.

Does it provide code fixes?

Yes, the skill generates structured reports that include the location of the vulnerability and recommended remediation steps, such as using sanitization libraries.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: Brmbobo

byBrmbobo

0•

セキュリティとテスト

Automatically identifies and reports cross-site scripting (XSS) vulnerabilities in web applications through context-aware code analysis.

This skill empowers developers to proactively secure their web applications by scanning for reflected, stored, and DOM-based XSS vulnerabilities. By analyzing HTML, JavaScript, and CSS contexts, it detects potential injection points, tests for WAF bypasses, and provides actionable remediation guidance. It is an essential tool for performing security audits, ensuring compliance with security standards, and verifying the effectiveness of Content Security Policies (CSP) before production deployment.

主な機能

01Supports quick-trigger commands like /xss for instant security checks

02Detects reflected, stored, and DOM-based XSS vulnerabilities

03Tests against common WAF bypass techniques

04Provides detailed reports with code snippets and remediation steps

050 GitHub stars

06Performs context-aware analysis across HTML, JS, and CSS

ユースケース

01Verifying user input sanitization logic during the code review process

02Performing a security audit on a new search functionality or form submission

03Testing the effectiveness of a Content Security Policy (CSP) against injection attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brmbobo/web2podcast scanning-for-xss-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill