How do I trigger an XSS scan in Claude Code?

You can initiate a scan by using the shortcut command '/xss' or by asking Claude to 'scan for XSS vulnerabilities' or 'check for xss' in your current project.

What types of XSS vulnerabilities does this skill find?

The skill is designed to identify the three primary types of Cross-Site Scripting: Reflected XSS, Stored XSS, and DOM-based XSS.

Does the scanner provide code fixes?

Yes, the skill generates a report that highlights the vulnerable code and suggests specific remediation steps, such as using sanitization libraries like sanitizeHtml or implementing proper escaping.

Can I use this for continuous security testing?

Absolutely. It is highly effective for pre-deployment audits and reviewing new code submissions for potential security regressions.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

896

•

Security & Testing

Scans web application code to detect and remediate reflected, stored, and DOM-based cross-site scripting vulnerabilities.

The XSS Vulnerability Scanner skill empowers developers to conduct automated security audits directly within their development environment. By leveraging context-aware analysis, the skill identifies potential injection points across HTML, JavaScript, CSS, and URL parameters. It proactively tests for various attack vectors, including WAF bypasses, and provides comprehensive reports that include the exact location of vulnerabilities along with expert guidance on remediation strategies like input sanitization and Content Security Policy (CSP) implementation.

Key Features

01Context-aware analysis of HTML, JS, CSS, and URL contexts

02Detection of Reflected, Stored, and DOM-based XSS vulnerabilities

03Actionable remediation guidance using industry-standard libraries

04896 GitHub stars

05Automated payload injection and WAF bypass testing

06Detailed vulnerability reporting with specific code locations

Use Cases

01Reviewing legacy codebases for unsanitized user data handling

02Validating the effectiveness of Content Security Policies (CSP)

03Performing security audits on web application search and input forms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills scanning-for-xss-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Context-aware analysis of HTML, JS, CSS, and URL contexts

02Detection of Reflected, Stored, and DOM-based XSS vulnerabilities

03Actionable remediation guidance using industry-standard libraries

04896 GitHub stars

05Automated payload injection and WAF bypass testing

06Detailed vulnerability reporting with specific code locations

Use Cases

01Reviewing legacy codebases for unsanitized user data handling

02Validating the effectiveness of Content Security Policies (CSP)

03Performing security audits on web application search and input forms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills scanning-for-xss-vulnerabilities

For use in Claude.ai and ChatGPT

Download Skill