How do I trigger the XSS scan?

You can activate the skill by typing '/xss' or asking Claude to 'scan for XSS vulnerabilities' in your current project directory.

What types of XSS can this skill detect?

It identifies the three primary types: Reflected XSS, Stored (Persistent) XSS, and DOM-based XSS by analyzing input and output contexts.

Does it provide remediation advice?

Yes, the skill provides specific code snippets and suggests best practices, such as using sanitization libraries like sanitizeHtml, to fix identified vulnerabilities.

Can it test my Content Security Policy (CSP)?

Yes, it evaluates the effectiveness of your CSP against potential attack vectors to ensure restricted resource loading and improved security.

Is this skill suitable for automated CI/CD pipelines?

While designed for interactive use with Claude, it is highly effective for pre-deployment security audits and automated code reviews.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

安全与测试

Scans web applications for reflected, stored, and DOM-based Cross-Site Scripting (XSS) vulnerabilities to ensure robust frontend security.

This skill empowers Claude to proactively identify and report XSS vulnerabilities within your codebase by leveraging advanced detection techniques like context-aware analysis and WAF bypass testing. It simplifies security audits by identifying risks across HTML, JavaScript, CSS, and URL contexts, providing developers with actionable insights, remediation strategies, and safe proof-of-concept payloads to secure their applications before production deployment.

主要功能

013 GitHub stars

02Context-aware scanning of HTML, JavaScript, CSS, and URL parameters

03Detection of Reflected, Stored, and DOM-based XSS vulnerabilities

04WAF bypass testing and safe proof-of-concept payload generation

05Detailed reporting with code locations and remediation guidance

06Instant activation via trigger phrases or the /xss command

使用场景

01Identifying unsanitized user inputs in forms, search bars, and comment sections

02Conducting security audits and code reviews prior to production deployment

03Testing the effectiveness of existing Content Security Policies (CSP)

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection skill-adapter

For use in Claude.ai and ChatGPT

Download Skill