Does it support API-only applications?

Yes, it specifically analyzes API endpoints to ensure state-changing operations are protected against forgery attacks.

How does this skill identify CSRF vulnerabilities?

It scans your codebase and configuration files to verify the presence of anti-CSRF tokens, secure cookie attributes, and proper request origin validation.

Can it help fix the vulnerabilities it finds?

Yes, it provides prioritized remediation steps and code examples to help you implement robust CSRF protections.

What tools does this skill utilize?

It leverages a suite of security-focused bash commands, grep, and file analysis tools to perform deep audits of your source code.

CSRF Security Validator

Name: CSRF Security Validator
Author: jeremylongshore

byjeremylongshore

•

896

安全与测试

Automates the identification and remediation of Cross-Site Request Forgery (CSRF) vulnerabilities across web applications and API endpoints.

关于

The CSRF Security Validator is a specialized security tool designed to fortify web applications against session hijacking and unauthorized state-changing operations. It systematically analyzes codebase configurations, cookie settings, and API endpoints to detect missing or misconfigured CSRF protections such as token validation, SameSite attributes, and double-submit cookie patterns. Ideal for security audits and automated code reviews, this skill provides developers with actionable reports, severity-ranked findings, and specific code recommendations to ensure compliance with modern security standards like OWASP.

主要功能

Automated generation of detailed security vulnerability reports
Review of double-submit cookie and origin validation patterns
Validation of SameSite cookie attribute configurations
Comprehensive endpoint analysis for missing CSRF tokens
Remediation guidance with prioritized fixes based on impact
896 GitHub stars

使用场景

Identifying unprotected API endpoints handling sensitive data
Pre-deployment security audits for new web application features
Verifying compliance with OWASP CSRF prevention standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills validating-csrf-protection

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于