Does this skill provide actual code fixes?

Yes, after identifying a vulnerability, the skill provides a detailed report including the location of the issue and recommended remediation steps, such as using specific sanitization libraries.

How do I start an XSS scan with this skill?

You can trigger the scan by using the command '/xss' or by asking Claude to 'scan for XSS vulnerabilities' or 'check for XSS' in your current directory.

Can I use this for production security audits?

While highly effective during development and code review, it should be used as part of a multi-layered security strategy alongside manual penetration testing and production-level WAFs.

Which types of XSS does the scanner identify?

The skill is designed to detect the three primary types of Cross-Site Scripting: Reflected XSS, Stored XSS, and DOM-based XSS.

What file types does the scanner analyze?

The scanner analyzes HTML, JavaScript, CSS, and backend files that handle URL parameters or user-generated content.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

883

安全与测试

Identifies and remediates cross-site scripting vulnerabilities by performing context-aware security audits on web application source code.

关于

This skill empowers Claude to proactively detect reflected, stored, and DOM-based XSS vulnerabilities within your codebase. By analyzing HTML, JavaScript, CSS, and URL contexts, it identifies insecure data handling patterns and suggests robust remediation strategies, such as proper sanitization and Content Security Policy (CSP) implementation. It is an essential tool for developers and security auditors looking to automate security checks during the development lifecycle or perform deep-dive analysis before production deployment.

主要功能

883 GitHub stars
Analyzes security contexts across HTML, JavaScript, CSS, and URLs
Identifies potential WAF bypass risks and CSP weaknesses
Provides specific remediation guidance and sanitization code snippets
Detects reflected, stored, and DOM-based XSS vulnerabilities
Triggers via simple commands like /xss or natural language requests

使用场景

Testing search functionalities and form inputs for injection risks
Conducting automated security audits during the code review process
Verifying the effectiveness of sanitization libraries and security headers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills xss-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于