How do I trigger an XSS scan in Claude Code?

You can initiate a scan by using the shortcut command '/xss' or by asking Claude to 'scan for XSS vulnerabilities' or 'check for xss' in your current project.

What types of XSS vulnerabilities does this skill find?

The skill is designed to identify the three primary types of Cross-Site Scripting: Reflected XSS, Stored XSS, and DOM-based XSS.

Does the scanner provide code fixes?

Yes, the skill generates a report that highlights the vulnerable code and suggests specific remediation steps, such as using sanitization libraries like sanitizeHtml or implementing proper escaping.

Can I use this for continuous security testing?

Absolutely. It is highly effective for pre-deployment audits and reviewing new code submissions for potential security regressions.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

896

セキュリティとテスト

Scans web application code to detect and remediate reflected, stored, and DOM-based cross-site scripting vulnerabilities.

概要

The XSS Vulnerability Scanner skill empowers developers to conduct automated security audits directly within their development environment. By leveraging context-aware analysis, the skill identifies potential injection points across HTML, JavaScript, CSS, and URL parameters. It proactively tests for various attack vectors, including WAF bypasses, and provides comprehensive reports that include the exact location of vulnerabilities along with expert guidance on remediation strategies like input sanitization and Content Security Policy (CSP) implementation.

主な機能

Context-aware analysis of HTML, JS, CSS, and URL contexts
Detection of Reflected, Stored, and DOM-based XSS vulnerabilities
Actionable remediation guidance using industry-standard libraries
896 GitHub stars
Automated payload injection and WAF bypass testing
Detailed vulnerability reporting with specific code locations

ユースケース

Reviewing legacy codebases for unsanitized user data handling
Validating the effectiveness of Content Security Policies (CSP)
Performing security audits on web application search and input forms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills scanning-for-xss-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要