Does it provide code fixes for identified issues?

Yes, Claude will suggest specific remediation steps, including the use of sanitization libraries like sanitizeHtml and context-appropriate escaping functions.

How do I trigger the XSS scanner?

You can activate the skill by using the command '/xss' or by asking Claude to 'scan for XSS vulnerabilities' in your current codebase.

Can it help with WAF bypass testing?

The skill includes advanced detection techniques that test for common Web Application Firewall (WAF) bypass methods to ensure your application is resilient.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

安全与测试

Scans and identifies Reflected, Stored, and DOM-based XSS vulnerabilities within web applications and codebases.

This skill empowers Claude to perform proactive security audits by analyzing code for Cross-Site Scripting (XSS) risks across HTML, JavaScript, CSS, and URL contexts. It goes beyond simple pattern matching to provide context-aware analysis, including WAF bypass testing and remediation guidance, helping developers secure their applications before production deployment. By leveraging automated detection routines, the skill identifies risky data flows and suggests safe proof-of-concept payloads to verify potential exploits.

主要功能

01Safe proof-of-concept payload generation for verification

02Context-aware detection of Reflected, Stored, and DOM-based XSS

03Actionable remediation advice and sanitization recommendations

04Deep analysis of HTML, JavaScript, CSS, and URL endpoints

05Automated security audits triggered via /xss command

063 GitHub stars

使用场景

01Conducting pre-deployment security audits for web applications

02Testing the effectiveness of Content Security Policies (CSP)

03Identifying unsanitized user inputs in forms and search bars

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection skill-adapter

For use in Claude.ai and ChatGPT

Download Skill