How do I trigger the XSS scan?

You can activate the skill by typing '/xss' or asking Claude to 'scan for XSS vulnerabilities' in your current project directory.

What types of XSS can this skill detect?

It identifies the three primary types: Reflected XSS, Stored (Persistent) XSS, and DOM-based XSS by analyzing input and output contexts.

Does it provide remediation advice?

Yes, the skill provides specific code snippets and suggests best practices, such as using sanitization libraries like sanitizeHtml, to fix identified vulnerabilities.

Can it test my Content Security Policy (CSP)?

Yes, it evaluates the effectiveness of your CSP against potential attack vectors to ensure restricted resource loading and improved security.

Is this skill suitable for automated CI/CD pipelines?

While designed for interactive use with Claude, it is highly effective for pre-deployment security audits and automated code reviews.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

安全与测试

Scans web applications for reflected, stored, and DOM-based Cross-Site Scripting (XSS) vulnerabilities to ensure robust frontend security.

关于

This skill empowers Claude to proactively identify and report XSS vulnerabilities within your codebase by leveraging advanced detection techniques like context-aware analysis and WAF bypass testing. It simplifies security audits by identifying risks across HTML, JavaScript, CSS, and URL contexts, providing developers with actionable insights, remediation strategies, and safe proof-of-concept payloads to secure their applications before production deployment.

主要功能

3 GitHub stars
Context-aware scanning of HTML, JavaScript, CSS, and URL parameters
Detection of Reflected, Stored, and DOM-based XSS vulnerabilities
WAF bypass testing and safe proof-of-concept payload generation
Detailed reporting with code locations and remediation guidance
Instant activation via trigger phrases or the /xss command

使用场景

Identifying unsanitized user inputs in forms, search bars, and comment sections
Conducting security audits and code reviews prior to production deployment
Testing the effectiveness of existing Content Security Policies (CSP)

关于

主要功能

3 GitHub stars
Context-aware scanning of HTML, JavaScript, CSS, and URL parameters
Detection of Reflected, Stored, and DOM-based XSS vulnerabilities
WAF bypass testing and safe proof-of-concept payload generation
Detailed reporting with code locations and remediation guidance
Instant activation via trigger phrases or the /xss command

使用场景

Identifying unsanitized user inputs in forms, search bars, and comment sections
Conducting security audits and code reviews prior to production deployment
Testing the effectiveness of existing Content Security Policies (CSP)