
xss-vulnerability-scanner

XSS Vulnerability Scanner - Auto-activating skill for Security Fundamentals. Triggers on: xss vulnerability scanner, xss vulnerability scanner. Part of the Security Fundamentals skill category.

34

1.00x

Quality: 3% (Does it follow best practices?)

Impact: 86%, 1.00x (average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/xss-vulnerability-scanner/SKILL.md

Evaluation results

80%

12%

Security Audit: Identify XSS Vulnerabilities in a Node.js Web App

npm-based XSS scanning pipeline

| Criteria | Without context | With context |
|---|---|---|
| npm tool usage | 0% | 16% |
| Step-by-step process | 0% | 0% |
| Stored XSS identified | 100% | 100% |
| Reflected XSS identified | 100% | 100% |
| OWASP reference | 0% | 100% |
| Severity classification | 100% | 100% |
| HTML encoding in fix | 100% | 100% |
| Script injection fix | 100% | 100% |
| Production-ready code | 100% | 100% |

Without context: $0.4100 · 2m 2s · 19 turns · 19 in / 7,439 out tokens

With context: $0.5733 · 2m 24s · 27 turns · 28 in / 8,566 out tokens

88%

-12%

Harden a User Profile Update Feature Against Injection Attacks

Input validation and XSS prevention

| Criteria | Without context | With context |
|---|---|---|
| npm package for encoding | 100% | 0% |
| HTML body encoding | 100% | 100% |
| URL attribute safety | 100% | 100% |
| Title tag encoding | 100% | 100% |
| Complete module | 100% | 100% |
| Identifies stored XSS | 100% | 100% |
| Multiple context coverage | 100% | 100% |
| OWASP or industry reference | 100% | 100% |
| No raw string interpolation for user data | 100% | 100% |

Without context: $0.3510 · 1m 45s · 20 turns · 20 in / 5,344 out tokens

With context: $0.5540 · 2m 22s · 30 turns · 65 in / 7,529 out tokens

90%

Security Review for a Community Blog Platform

OWASP-aligned security assessment

| Criteria | Without context | With context |
|---|---|---|
| npm tool in scan-commands | 100% | 100% |
| Step-by-step methodology | 0% | 0% |
| XSS findings identified | 100% | 100% |
| Authentication weakness identified | 100% | 100% |
| Input validation coverage | 100% | 100% |
| OWASP standard mapping | 100% | 100% |
| Machine-readable findings | 100% | 100% |
| Severity assigned to each | 100% | 100% |
| Multiple security domains | 100% | 100% |
| Remediation per finding | 100% | 100% |

Without context: $0.4332 · 2m 10s · 18 turns · 19 in / 7,902 out tokens

With context: $0.5524 · 2m 11s · 26 turns · 283 in / 8,243 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
