Does this skill provide actual code fixes?

Yes, after identifying a vulnerability, the skill provides a detailed report including the location of the issue and recommended remediation steps, such as using specific sanitization libraries.

How do I start an XSS scan with this skill?

You can trigger the scan by using the command '/xss' or by asking Claude to 'scan for XSS vulnerabilities' or 'check for XSS' in your current directory.

Can I use this for production security audits?

While highly effective during development and code review, it should be used as part of a multi-layered security strategy alongside manual penetration testing and production-level WAFs.

Which types of XSS does the scanner identify?

The skill is designed to detect the three primary types of Cross-Site Scripting: Reflected XSS, Stored XSS, and DOM-based XSS.

What file types does the scanner analyze?

The scanner analyzes HTML, JavaScript, CSS, and backend files that handle URL parameters or user-generated content.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

883

•

Security & Testing

Identifies and remediates cross-site scripting vulnerabilities by performing context-aware security audits on web application source code.

This skill empowers Claude to proactively detect reflected, stored, and DOM-based XSS vulnerabilities within your codebase. By analyzing HTML, JavaScript, CSS, and URL contexts, it identifies insecure data handling patterns and suggests robust remediation strategies, such as proper sanitization and Content Security Policy (CSP) implementation. It is an essential tool for developers and security auditors looking to automate security checks during the development lifecycle or perform deep-dive analysis before production deployment.

Key Features

01883 GitHub stars

02Analyzes security contexts across HTML, JavaScript, CSS, and URLs

03Identifies potential WAF bypass risks and CSP weaknesses

04Provides specific remediation guidance and sanitization code snippets

05Detects reflected, stored, and DOM-based XSS vulnerabilities

06Triggers via simple commands like /xss or natural language requests

Use Cases

01Testing search functionalities and form inputs for injection risks

02Conducting automated security audits during the code review process

03Verifying the effectiveness of sanitization libraries and security headers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills xss-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01883 GitHub stars

02Analyzes security contexts across HTML, JavaScript, CSS, and URLs

03Identifies potential WAF bypass risks and CSP weaknesses

04Provides specific remediation guidance and sanitization code snippets

05Detects reflected, stored, and DOM-based XSS vulnerabilities

06Triggers via simple commands like /xss or natural language requests

Use Cases

01Testing search functionalities and form inputs for injection risks

02Conducting automated security audits during the code review process

03Verifying the effectiveness of sanitization libraries and security headers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills xss-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill