Can this skill help with Content Security Policy (CSP) testing?

Absolutely. It can analyze your existing CSP headers and implementation to determine if they effectively mitigate the risk of script injection and suggest hardening improvements.

Does it provide code fixes for the vulnerabilities it finds?

Yes, it generates a detailed report that highlights the vulnerable code snippet and provides specific remediation steps, such as using appropriate escaping functions or sanitization libraries.

How do I trigger an XSS scan in Claude Code?

You can activate the scanner by using trigger phrases like 'scan for XSS', 'check for vulnerabilities', or the shorthand command '/xss' followed by the target file or directory.

What types of XSS can this skill detect?

The skill is designed to identify the three primary types of Cross-Site Scripting: Reflected XSS, Stored XSS, and DOM-based XSS by analyzing data flow and execution contexts.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

Security & Testing

Automates the identification of cross-site scripting (XSS) vulnerabilities across HTML, JavaScript, and CSS contexts to enhance web application security.

The XSS Vulnerability Scanner skill equips Claude with specialized security auditing capabilities to detect reflected, stored, and DOM-based cross-site scripting flaws. By performing context-aware analysis of your codebase and testing for potential WAF bypasses, this skill identifies critical security gaps before deployment. It provides developers with actionable remediation strategies, sanitization best practices, and safe proof-of-concept payloads, making it an essential tool for security audits, code reviews, and maintaining web application integrity.

Key Features

01Automated identification of unsanitized user input and sink points

02Detection of Reflected, Stored, and DOM-based XSS vulnerabilities

033 GitHub stars

04Context-aware analysis of HTML, JavaScript, CSS, and URL parameters

05Actionable remediation guidance including code-specific sanitization fixes

06Evaluation of Content Security Policy (CSP) effectiveness

Use Cases

01Conducting pre-deployment security audits for web applications

02Validating security compliance and testing WAF bypass resilience

03Reviewing user input handling and sanitization logic in legacy codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection xss-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill