Which types of XSS vulnerabilities can it detect?

The skill is designed to identify Reflected XSS, Stored XSS, and DOM-based XSS by analyzing how data flows through HTML, JavaScript, and CSS.

Does this skill provide actual code fixes?

Yes, it generates a report that highlights the vulnerable code snippet and provides specific remediation advice, such as using sanitization libraries like 'sanitizeHtml'.

Is this skill useful for existing production code?

Absolutely. It is highly effective for performing security audits on existing codebases to identify legacy vulnerabilities before they are exploited.

How do I start an XSS scan with this skill?

You can trigger a scan by using the command '/xss' followed by the file or feature name, or by asking Claude to 'scan for XSS vulnerabilities' in your code.

XSS Vulnerability Scanner

Name: XSS Vulnerability Scanner
Author: intent-solutions-io

byintent-solutions-io

0•

安全与测试

Scans web application codebases to identify and remediate reflected, stored, and DOM-based XSS vulnerabilities across multiple contexts.

The XSS Vulnerability Scanner is a specialized security tool for Claude Code that automates the detection of Cross-Site Scripting vulnerabilities within HTML, JavaScript, CSS, and URL structures. By leveraging context-aware analysis and WAF bypass testing simulations, this skill helps developers identify security flaws early in the development lifecycle. It provides detailed reporting on vulnerability types, exact code locations, and actionable remediation strategies—such as sanitization recommendations and Content Security Policy (CSP) improvements—making it an essential asset for proactive security audits and robust code reviews.

主要功能

01Context-aware analysis of HTML, JavaScript, CSS, and URL parameters

02Quick activation via trigger phrases or the '/xss' shortcut command

030 GitHub stars

04Comprehensive detection of Reflected, Stored, and DOM-based XSS

05Automated identification of unsanitized user input and data sinks

06Actionable remediation guidance with suggested code fixes and libraries

使用场景

01Validating input sanitization and output encoding logic during code reviews

02Testing and hardening Content Security Policies (CSP) against common bypass techniques

03Performing automated security audits before deploying web applications to production

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla skill-adapter

For use in Claude.ai and ChatGPT

Download Skill