scanning-for-xss-vulnerabilities

Solid

This skill enables Claude to automatically scan for XSS (Cross-Site Scripting) vulnerabilities in code. It is triggered when the user requests to "scan for XSS vulnerabilities", "check for XSS", or uses the command "/xss". The skill identifies reflected, stored, and DOM-based XSS vulnerabilities. It analyzes HTML, JavaScript, CSS, and URL contexts to detect potential exploits and suggests safe proof-of-concept payloads. This skill is best used during code review, security audits, and before deploying web applications to production.

AI & Automation 2,266 stars 315 forks Updated today MIT


Quality Score: 93/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

## Overview

This skill empowers Claude to proactively identify and report XSS vulnerabilities within your codebase. By leveraging advanced detection techniques, including context-aware analysis and WAF bypass testing, this skill ensures your web applications are resilient against common XSS attack vectors. It provides detailed insights into vulnerability types and offers guidance on remediation strategies.

## How It Works

1. **Activation**: Claude recognizes the user's intent to scan for XSS vulnerabilities through specific trigger phrases like "scan for XSS" or the shortcut "/xss".
2. **Code Analysis**: The plugin analyzes the codebase, identifying potential XSS vulnerabilities across different contexts (HTML, JavaScript, CSS, URL).
3. **Vulnerability Detection**: The plugin detects reflected, stored, and DOM-based XSS vulnerabilities by injecting various payloads and analyzing the responses.
4. **Reporting**: The plugin generates a report highlighting identified vulnerabilities, their location in the code, and recommended remediation steps.

## When to Use This Skill

This skill activates when you need to:

- Perform a security audit of your web application.
- Review code for potential XSS vulnerabilities.
- Ensure compliance with security standards.
- Test the effectiveness of your Content Security Policy (CSP).
- Identify and mitigate XSS vulnerabilities before deploying to production.

## Examples

### Example 1: Detecting Reflected XSS

User request: "scan for XSS vul...

Details

- Author: jeremylongshore
- Repository: jeremylongshore/claude-code-plugins-plus-skills
- Created: 7 months ago
- Last Updated: today
- Language: Python
- License: MIT


Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

scanning-input-validation-practices

This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis.

2,266 Updated today
jeremylongshore
AI & Automation Solid

scanning-for-vulnerabilities

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

2,266 Updated today
jeremylongshore
AI & Automation Solid

detecting-sql-injection-vulnerabilities

This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".

2,266 Updated today
jeremylongshore
AI & Automation Solid

xss-vulnerability-scanner

Scan xss vulnerability scanner operations. Auto-activating skill for Security Fundamentals. Triggers on: xss vulnerability scanner, xss vulnerability scanner. Part of the Security Fundamentals skill category. Use when working with xss vulnerability scanner functionality. Trigger with phrases like "xss vulnerability scanner", "xss scanner", "xss".

2,266 Updated today
jeremylongshore
API & Backend Solid

performing-security-testing

This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when the user mentions "security test", "vulnerability scan", "OWASP", "SQL injection", "XSS", "CSRF", "authentication", or "authorization" in the context of application or API testing.

2,266 Updated today
jeremylongshore