Frontend Mobile Security Xss Scan
Frontend Mobile Security Xss Scan is an code AI skill with a core value of You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. It
helps developers solve real-world problems in the code domain, boosting
efficiency, automating repetitive tasks, and optimizing workflows.
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi
Quick Facts
mkdir -p ./skills/frontend-mobile-security-xss-scan && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/frontend-mobile-security-xss-scan/SKILL.md -o ./skills/frontend-mobile-security-xss-scan/SKILL.md Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# XSS Vulnerability Scanner for Frontend Code
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection points, unsafe DOM manipulation, and improper sanitization.
Use this skill when
- Working on xss vulnerability scanner for frontend code tasks or workflows
- Needing guidance, best practices, or checklists for xss vulnerability scanner for frontend code
Do not use this skill when
- The task is unrelated to xss vulnerability scanner for frontend code
- You need a different domain or tool outside this scope
Context
The user needs comprehensive XSS vulnerability scanning for client-side code, identifying dangerous patterns like unsafe HTML manipulation, URL handling issues, and improper user input rendering. Focus on context-aware detection and framework-specific security patterns.
Requirements
$ARGUMENTS
Instructions
1. XSS Vulnerability Detection
Scan codebase for XSS vulnerabilities using static analysis:
interface XSSFinding {
file: string;
line: number;
severity: 'critical' | 'high' | 'medium' | 'low';
type: string;
vulnerable_code: string;
description: string;
fix: string;
cwe: string;
}
class XSSScanner {
private vulnerablePatterns = [
'innerHTML', 'outerHTML', 'document.write',
'insertAdjacentHTML', 'location.href', 'window.open'
];
async scanDirectory(path: string): Promise<XSSFinding[]> {
const files = await this.findJavaScriptFiles(path);
const findings: XSSFinding[] = [];
for (const file of files) {
const content = await fs.readFile(file, 'utf-8');
findings.push(...this.scanFile(file, content));
}
return findings;
}
scanFile(filePath: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
findings.push(...this.detectHTMLManipulation(filePath, content));
findings.push(...this.detectReactVulnerabilities(filePath, content));
findings.push(...this.detectURLVulnerabilities(filePath, content));
findings.push(...this.detectEventHandlerIssues(filePath, content));
return findings;
}
detectHTMLManipulation(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split('\n');
lines.forEach((line, index) => {
if (line.includes('innerHTML') && this.hasUserInput(line)) {
findings.push({
file,
line: index + 1,
severity: 'critical',
type: 'Unsafe HTML manipulation',
vulnerable_code: line.trim(),
description: 'User-controlled data in HTML manipulation creates XSS risk',
fix: 'Use textContent for plain text or sanitize with DOMPurify library',
cwe: 'CWE-79'
});
}
});
return findings;
}
detectReactVulnerabilities(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split('\n');
lines.forEach((line, index) => {
if (line.includes('dangerously') && !this.hasSanitization(content)) {
findings.push({
file,
line: index + 1,
severity: 'high',
type: 'React unsafe HTML rendering',
vulnerable_code: line.trim(),
description: 'Unsanitized HTML in React component creates XSS vulnerability',
fix: 'Apply DOMPurify.sanitize() before rendering or use safe alternatives',
cwe: 'CWE-79'
});
}
});
return findings;
}
detectURLVulnerabilities(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split('\n');
lines.forEach((line, index) => {
if (line.includes('location.') && this.hasUserInput(line)) {
findings.push({
file,
line: index + 1,
severity: 'high',
type: 'URL injection',
🎯 Best For
- Security auditors
- DevSecOps teams
- Compliance officers
- Data analysts
- Business intelligence teams
💡 Use Cases
- Auditing dependencies for known CVEs
- Scanning API endpoints for auth gaps
- Finding patterns in customer data
- Creating automated dashboards
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply Frontend Mobile Security Xss Scan to Your Work
Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.
- 4
Review and Refine
Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.
❓ Frequently Asked Questions
Can this replace a dedicated SAST tool?
AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.
Can this connect to my database directly?
Most data skills accept CSV or JSON input. Database connectors are listed in the Works With section.
Is Frontend Mobile Security Xss Scan compatible with Cursor and VS Code?
Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.
Do I need specific dependencies for Frontend Mobile Security Xss Scan?
Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.
How do I install Frontend Mobile Security Xss Scan?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/frontend-mobile-security-xss-scan/SKILL.md, ready to use.
⚠️ Common Mistakes to Avoid
Only scanning surface-level issues
Deep security review requires understanding your app architecture, not just regex patterns.
Not validating data quality
AI analysis is only as good as your input data. Profile and clean data before analysis.
Skipping validation
Always test AI-generated code changes, even for simple refactors.
Missing dependency updates
Check if the skill requires updated dependencies or new packages.