Which types of XSS vulnerabilities can it detect?

The skill is designed to identify Reflected XSS, Stored XSS, and DOM-based XSS by analyzing how data flows through HTML, JavaScript, and CSS.

Does this skill provide actual code fixes?

Yes, it generates a report that highlights the vulnerable code snippet and provides specific remediation advice, such as using sanitization libraries like 'sanitizeHtml'.

Is this skill useful for existing production code?

Absolutely. It is highly effective for performing security audits on existing codebases to identify legacy vulnerabilities before they are exploited.

How do I start an XSS scan with this skill?

You can trigger a scan by using the command '/xss' followed by the file or feature name, or by asking Claude to 'scan for XSS vulnerabilities' in your code.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: intent-solutions-io

byintent-solutions-io

セキュリティとテスト

Scans web application codebases to identify and remediate reflected, stored, and DOM-based XSS vulnerabilities across multiple contexts.

概要

The XSS Vulnerability Scanner is a specialized security tool for Claude Code that automates the detection of Cross-Site Scripting vulnerabilities within HTML, JavaScript, CSS, and URL structures. By leveraging context-aware analysis and WAF bypass testing simulations, this skill helps developers identify security flaws early in the development lifecycle. It provides detailed reporting on vulnerability types, exact code locations, and actionable remediation strategies—such as sanitization recommendations and Content Security Policy (CSP) improvements—making it an essential asset for proactive security audits and robust code reviews.

主な機能

Context-aware analysis of HTML, JavaScript, CSS, and URL parameters
Quick activation via trigger phrases or the '/xss' shortcut command
0 GitHub stars
Comprehensive detection of Reflected, Stored, and DOM-based XSS
Automated identification of unsanitized user input and data sinks
Actionable remediation guidance with suggested code fixes and libraries

ユースケース

Validating input sanitization and output encoding logic during code reviews
Testing and hardening Content Security Policies (CSP) against common bypass techniques
Performing automated security audits before deploying web applications to production

概要

主な機能

Context-aware analysis of HTML, JavaScript, CSS, and URL parameters
Quick activation via trigger phrases or the '/xss' shortcut command
0 GitHub stars
Comprehensive detection of Reflected, Stored, and DOM-based XSS
Automated identification of unsanitized user input and data sinks
Actionable remediation guidance with suggested code fixes and libraries

ユースケース

Validating input sanitization and output encoding logic during code reviews
Testing and hardening Content Security Policies (CSP) against common bypass techniques
Performing automated security audits before deploying web applications to production