MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Frontend Mobile Security Xss Scan

Frontend Mobile Security Xss Scan is an code AI skill with a core value of You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/frontend-mobile-security-xss-scan && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/frontend-mobile-security-xss-scan/SKILL.md -o ./skills/frontend-mobile-security-xss-scan/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# XSS Vulnerability Scanner for Frontend Code


You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection points, unsafe DOM manipulation, and improper sanitization.


Use this skill when


- Working on xss vulnerability scanner for frontend code tasks or workflows

- Needing guidance, best practices, or checklists for xss vulnerability scanner for frontend code


Do not use this skill when


- The task is unrelated to xss vulnerability scanner for frontend code

- You need a different domain or tool outside this scope


Context


The user needs comprehensive XSS vulnerability scanning for client-side code, identifying dangerous patterns like unsafe HTML manipulation, URL handling issues, and improper user input rendering. Focus on context-aware detection and framework-specific security patterns.


Requirements


$ARGUMENTS


Instructions


1. XSS Vulnerability Detection


Scan codebase for XSS vulnerabilities using static analysis:


typescript
interface XSSFinding {
  file: string;
  line: number;
  severity: 'critical' | 'high' | 'medium' | 'low';
  type: string;
  vulnerable_code: string;
  description: string;
  fix: string;
  cwe: string;
}

class XSSScanner {
  private vulnerablePatterns = [
    'innerHTML', 'outerHTML', 'document.write',
    'insertAdjacentHTML', 'location.href', 'window.open'
  ];

  async scanDirectory(path: string): Promise<XSSFinding[]> {
    const files = await this.findJavaScriptFiles(path);
    const findings: XSSFinding[] = [];

    for (const file of files) {
      const content = await fs.readFile(file, 'utf-8');
      findings.push(...this.scanFile(file, content));
    }

    return findings;
  }

  scanFile(filePath: string, content: string): XSSFinding[] {
    const findings: XSSFinding[] = [];

    findings.push(...this.detectHTMLManipulation(filePath, content));
    findings.push(...this.detectReactVulnerabilities(filePath, content));
    findings.push(...this.detectURLVulnerabilities(filePath, content));
    findings.push(...this.detectEventHandlerIssues(filePath, content));

    return findings;
  }

  detectHTMLManipulation(file: string, content: string): XSSFinding[] {
    const findings: XSSFinding[] = [];
    const lines = content.split('\n');

    lines.forEach((line, index) => {
      if (line.includes('innerHTML') && this.hasUserInput(line)) {
        findings.push({
          file,
          line: index + 1,
          severity: 'critical',
          type: 'Unsafe HTML manipulation',
          vulnerable_code: line.trim(),
          description: 'User-controlled data in HTML manipulation creates XSS risk',
          fix: 'Use textContent for plain text or sanitize with DOMPurify library',
          cwe: 'CWE-79'
        });
      }
    });

    return findings;
  }

  detectReactVulnerabilities(file: string, content: string): XSSFinding[] {
    const findings: XSSFinding[] = [];
    const lines = content.split('\n');

    lines.forEach((line, index) => {
      if (line.includes('dangerously') && !this.hasSanitization(content)) {
        findings.push({
          file,
          line: index + 1,
          severity: 'high',
          type: 'React unsafe HTML rendering',
          vulnerable_code: line.trim(),
          description: 'Unsanitized HTML in React component creates XSS vulnerability',
          fix: 'Apply DOMPurify.sanitize() before rendering or use safe alternatives',
          cwe: 'CWE-79'
        });
      }
    });

    return findings;
  }

  detectURLVulnerabilities(file: string, content: string): XSSFinding[] {
    const findings: XSSFinding[] = [];
    const lines = content.split('\n');

    lines.forEach((line, index) => {
      if (line.includes('location.') && this.hasUserInput(line)) {
        findings.push({
          file,
          line: index + 1,
          severity: 'high',
          type: 'URL injection',
 

🎯 Best For

  • Security auditors
  • DevSecOps teams
  • Compliance officers
  • Data analysts
  • Business intelligence teams

💡 Use Cases

  • Auditing dependencies for known CVEs
  • Scanning API endpoints for auth gaps
  • Finding patterns in customer data
  • Creating automated dashboards

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Frontend Mobile Security Xss Scan to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Can this replace a dedicated SAST tool?

AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.

Can this connect to my database directly?

Most data skills accept CSV or JSON input. Database connectors are listed in the Works With section.

Is Frontend Mobile Security Xss Scan compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Frontend Mobile Security Xss Scan?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Frontend Mobile Security Xss Scan?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/frontend-mobile-security-xss-scan/SKILL.md, ready to use.

⚠️ Common Mistakes to Avoid

Only scanning surface-level issues

Deep security review requires understanding your app architecture, not just regex patterns.

Not validating data quality

AI analysis is only as good as your input data. Profile and clean data before analysis.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills