What kind of vulnerabilities can it detect?

It identifies missing CSRF tokens, insecure HTTP actions, improper input validation, exposed sensitive data in hidden fields, and dangerous state-changing GET requests.

Can I use this for bug bounty hunting?

Yes, it is specifically designed from a 'Bounty Hunter' perspective to help identify high-value vulnerabilities like IDOR and CSRF that typically command significant rewards.

Are the security checks aligned with industry standards?

Yes, the analysis maps findings to OWASP categories and CWE identifiers, providing professional-grade context for every vulnerability found.

How do I integrate this into my workflow?

You can run it via the Claude Code interface to analyze specific HTML files. For dynamic testing, it can be paired with other skills like playwright-security-runner.

Does this tool send live requests to my server?

No, this is a static analysis tool that only reads and inspects your HTML source code. It does not send payloads or interact with your server, making it 100% safe to run.

Form Security Analyzer

Name: Form Security Analyzer
Author: naporin0624

bynaporin0624

•

Security & Testing

Performs automated static security audits on HTML forms to identify vulnerabilities like missing CSRF protection and insecure data handling.

The Form Security Analyzer is a specialized Claude Code Skill designed for security professionals and web developers to conduct non-intrusive static audits of HTML forms. It scans source code to detect critical security flaws, including missing CSRF tokens, insecure action URLs, and sensitive data exposure in hidden fields, providing a bounty hunter perspective on potential exploits. By focusing purely on code inspection without sending live network requests, it offers a fast, safe, and reliable way to strengthen frontend security and identify OWASP-aligned vulnerabilities before deployment.

Key Features

01Detection of dangerous patterns like state-changing GET requests

02Hidden field analysis for sensitive data exposure

032 GitHub stars

04Insecure HTTP action URL detection

05Automated CSRF protection and token verification

06Password security and autocomplete configuration checks

Use Cases

01Automated compliance checking for secure frontend development standards

02Static reconnaissance for bug bounty hunting and penetration testing

03Pre-deployment security auditing of web application forms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins form-security-analyzer

For use in Claude.ai and ChatGPT

Download Skill