frontend-mobile-security-xss-scan
Scan Frontend Code for XSS Vulnerabilities
This skill helps developers identify Cross-Site Scripting (XSS) vulnerabilities in React, Vue, Angular, and vanilla JavaScript code, providing actionable fixes and secure coding patterns.
Download the skill ZIP
Upload it to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and get started
Try it out
Use "frontend-mobile-security-xss-scan". Scan this code for XSS: element.innerHTML = userInput;
Expected result:
## XSS Vulnerability Found
**Severity:** Critical
**Type:** Unsafe HTML Manipulation
**Location:** Line 1
**CWE:** CWE-79
**Description:** User-controlled data assigned to innerHTML creates XSS risk.
**Fix:** Use element.textContent for plain text, or sanitize with DOMPurify:
```javascript
import DOMPurify from 'dompurify';
element.innerHTML = DOMPurify.sanitize(userInput);
```
Use "frontend-mobile-security-xss-scan". Check this React code: <div dangerouslySetInnerHTML={{__html: content}} />
Expected result:
## React XSS Risk Found
**Severity:** High
**Type:** React Unsafe HTML Rendering
**Location:** Component
**Issue:** dangerouslySetInnerHTML used without sanitization.
**Fix:** Sanitize before rendering:
```javascript
import DOMPurify from 'dompurify';
<div dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(content)}} />
```
Use "frontend-mobile-security-xss-scan". Find XSS issues in: <a href={userUrl}>Link</a>
Expected result:
## URL Injection Risk Found
**Severity:** High
**Type:** URL Injection
**Issue:** User-supplied URL in href attribute without validation.
**Fix:** Validate and sanitize URLs:
```javascript
// Allow only http(s) targets; anything else (javascript:, data:, vbscript:) falls back to '#'
const safeUrl = userUrl.startsWith('http://') || userUrl.startsWith('https://')
  ? userUrl
  : '#';
```
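The prefix test above is enough for the single case in the prompt, but it rejects relative links and upper-case schemes, and a regex written to catch `javascript:` misses what the browser's own parser accepts. The following is an added example, not code from the skill or its expected output: it resolves the user string with the WHATWG URL parser (the same parsing the browser applies to `href`), allowlists the resulting protocol, and optionally pins the link to the page's origin. The helper names (`prefixCheck`, `naiveIsJavascriptUrl`, `safeHref`) and the base URL `https://app.example/` (standing in for `window.location.href`) are this example's assumptions.

```javascript
// Added example, not the skill's own code: accept a user-supplied link target
// only if it parses as http(s). Names and BASE are assumptions for the demo.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const BASE = 'https://app.example/'; // stands in for window.location.href in a browser

// The simple prefix test from the fix above: blocks javascript: and data:,
// but rejects relative links and any scheme not typed in lowercase.
function prefixCheck(userUrl) {
  return userUrl.startsWith('http://') || userUrl.startsWith('https://') ? userUrl : '#';
}

// A regex is a common second attempt. The WHATWG parser removes ASCII tab and
// newline from the input before parsing, so 'java\tscript:' still runs in the
// browser while this test says it is harmless.
function naiveIsJavascriptUrl(userUrl) {
  return /^\s*javascript:/i.test(userUrl);
}

// Parse the way the browser will, then allowlist the resulting protocol.
// sameOriginOnly additionally rejects links that resolve to another host
// (a protocol allowlist alone still lets '//evil.example/x' through).
function safeHref(userUrl, { sameOriginOnly = false } = {}) {
  if (typeof userUrl !== 'string') return '#';
  let parsed;
  try {
    parsed = new URL(userUrl, BASE); // relative links resolve against BASE
  } catch {
    return '#'; // unparsable input never reaches href
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return '#';
  if (sameOriginOnly && parsed.origin !== new URL(BASE).origin) return '#';
  return parsed.href;
}
```

`safeHref` returns the normalised `href` rather than the raw input, so whatever reaches the attribute is exactly what the parser produced. Use `sameOriginOnly` for navigation inside the application; leave it off for genuinely external links, but then treat the result as an off-site redirect target.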
Security audit
Safe. This is a legitimate defensive security skill for XSS vulnerability detection. The patterns flagged by the static analyzer are educational examples of vulnerable code that the skill teaches users how to detect. These patterns include innerHTML usage, fs.readFile for scanning files, and security best practices, all defensive security content rather than malicious code. The skill provides guidance on identifying and fixing XSS vulnerabilities in frontend codebases.
Medium-risk issues (1)
Low-risk issues (1)
Risk factors
⚡ Contains scripts (1)
📁 File system access (1)
What you can build
Security Audit for Web Application
Scan a React or Vue codebase before production release to identify and fix XSS vulnerabilities.
CI/CD Security Integration
Integrate XSS scanning into build pipelines to catch vulnerabilities before deployment.
Secure Code Review Assistant
Use as a coding companion to review code changes for security issues during development.
Try these prompts
Scan this JavaScript code for XSS vulnerabilities: ``` [PASTE CODE HERE] ``` Identify any innerHTML usage, document.write calls, or unsanitized user input rendering.
Review this React component for XSS vulnerabilities: ``` [PASTE REACT CODE HERE] ``` Check for dangerouslySetInnerHTML usage, event handler injection, and prop-based data handling.
Perform a comprehensive XSS security audit on the following codebase. Include severity levels, CWE references, and recommended fixes: ``` [PASTE CODE HERE] ```
What are the secure alternatives to this potentially vulnerable code pattern? ``` [PASTE VULNERABLE CODE] ``` Provide specific fixes using DOMPurify or framework-safe methods.
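The prompts above name the sinks the skill looks for (innerHTML, document.write, dangerouslySetInnerHTML, unvalidated href/location) and the report fields it produces. The following is an added example, not the skill's implementation, of what the same check looks like as a plain script that a CI job could run over a file before deployment: a line-oriented sink scanner that emits findings in the report format shown in the expected results. The sink list, severities, the sanitizer heuristic and the sample source are this example's assumptions; a regex scanner of this kind is a triage tool, not proof of absence, and a sink wrapped in DOMPurify is downgraded rather than dropped because the sanitizer's configuration still needs review.

```javascript
// Added example, not the skill's own code: minimal regex-based XSS sink scanner.
// Sink patterns, severities and the sanitizer heuristic are this example's choices.
const XSS_SINKS = [
  { re: /\.(innerHTML|outerHTML)\s*=(?!=)/, type: 'Unsafe HTML Manipulation', severity: 'Critical', cwe: 'CWE-79' },
  { re: /\.insertAdjacentHTML\s*\(/, type: 'Unsafe HTML Manipulation', severity: 'Critical', cwe: 'CWE-79' },
  { re: /\bdocument\.write(ln)?\s*\(/, type: 'document.write', severity: 'Critical', cwe: 'CWE-79' },
  { re: /\bdangerouslySetInnerHTML\b/, type: 'React Unsafe HTML Rendering', severity: 'High', cwe: 'CWE-79' },
  { re: /\bv-html\b/, type: 'Vue Unsafe HTML Rendering', severity: 'High', cwe: 'CWE-79' },
  { re: /\[innerHTML\]|\bbypassSecurityTrust\w+\s*\(/, type: 'Angular Unsafe HTML Rendering', severity: 'High', cwe: 'CWE-79' },
  // assignment to location or to an href/src/action property; (?!=) skips comparisons
  { re: /\b(location|\w+\.(href|src|action))\s*=(?!=)/, type: 'URL Injection', severity: 'High', cwe: 'CWE-79' },
];
// A sink fed through a known sanitizer on the same line is downgraded to Info.
const SANITIZER = /\b(DOMPurify\.sanitize|sanitizeHtml|\$sanitize)\s*\(/;
// Whole-line comments are skipped so commented-out code does not produce noise.
const COMMENT = /^\s*(\/\/|\/?\*)/;

// Returns one finding per (line, sink) pair; line numbers are 1-based.
function scanForXss(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (COMMENT.test(text)) return;
    for (const sink of XSS_SINKS) {
      if (!sink.re.test(text)) continue;
      const sanitized = SANITIZER.test(text);
      findings.push({
        line: i + 1,
        type: sink.type,
        cwe: sink.cwe,
        severity: sanitized ? 'Info' : sink.severity,
        note: sanitized
          ? 'sink is wrapped in a sanitizer; verify its configuration'
          : 'user-controlled data may reach this sink',
        code: text.trim(),
      });
    }
  });
  return findings;
}

// Renders findings in the same markdown shape as the skill's expected results.
function formatReport(findings) {
  if (findings.length === 0) return '## No XSS sinks found\n';
  return findings.map((f) => [
    `## ${f.severity === 'Info' ? 'Sanitized Sink (review)' : 'XSS Vulnerability Found'}`,
    `**Severity:** ${f.severity}`,
    `**Type:** ${f.type}`,
    `**Location:** Line ${f.line}`,
    `**CWE:** ${f.cwe}`,
    `**Description:** ${f.note}: \`${f.code}\``,
  ].join('\n')).join('\n\n') + '\n';
}

// Constructed sample input (not a real codebase): vulnerable and safe lines mixed.
const SAMPLE = `
// Constructed sample, mixes vulnerable and safe lines
const el = document.getElementById('out');
el.innerHTML = userInput;
el.innerHTML = DOMPurify.sanitize(userInput);
el.textContent = userInput;
document.write('<p>' + location.hash + '</p>');
const view = <div dangerouslySetInnerHTML={{__html: content}} />;
link.href = userUrl;
<p v-html="comment"></p>
if (el.innerHTML === '') {}
`;

console.log(formatReport(scanForXss(SAMPLE)));
```

In a pipeline, feed each changed file through `scanForXss` and fail the job on any Critical or High finding; the `textContent` line and the `===` comparison in the sample show the two cheapest false positives the patterns are written to avoid.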
Best practices
- Always sanitize user input before rendering HTML using DOMPurify or similar libraries
- Prefer textContent over innerHTML for rendering plain text content
- Validate and whitelist URL protocols (http, https) before assigning to href or location
Avoid
- Using innerHTML with direct user input without sanitization
- Using dangerouslySetInnerHTML without DOMPurify sanitization
- Assigning user-controlled URLs to location.href without validation