Xss Vulnerability Scanner - Auto-activating skill for Security Fundamentals. Triggers on: xss vulnerability scanner, xss vulnerability scanner Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill xss-vulnerability-scanner
Overall score: 19%
Does it follow best practices?
Validation for skill structure
Activation
7%
This description is essentially a placeholder with minimal useful content. It relies entirely on the skill name without explaining capabilities, use cases, or providing natural trigger terms. The redundant trigger terms and boilerplate category information provide no value for skill selection.
Suggestions
Add specific capabilities: 'Scans web applications for reflected, stored, and DOM-based XSS vulnerabilities. Analyzes input fields, URL parameters, and JavaScript code for injection points.'
Add a 'Use when...' clause: 'Use when the user mentions XSS, cross-site scripting, script injection, web application security testing, or needs to audit HTML/JavaScript for vulnerabilities.'
Expand trigger terms to include natural variations: 'XSS', 'cross-site scripting', 'script injection', 'web security', 'injection vulnerability', 'sanitize input'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the tool ('Xss Vulnerability Scanner') without describing any concrete actions. There are no specific capabilities listed like 'scans input fields', 'detects reflected/stored XSS', or 'generates reports'. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when to use' guidance. The 'Triggers on' and 'Part of' metadata are boilerplate, not actionable selection criteria. | 1 / 3 |
| Trigger Term Quality | The trigger terms are redundant ('xss vulnerability scanner' listed twice) and overly specific. Missing natural variations users would say like 'XSS', 'cross-site scripting', 'script injection', 'web security scan', or 'check for XSS'. | 1 / 3 |
| Distinctiveness Conflict Risk | The XSS focus provides some specificity within security tools, but 'Security Fundamentals' category is vague. Could conflict with other security scanning skills without clearer scope definition. | 2 / 3 |
| Total | | 5 / 12 Passed |
Implementation
0%
This skill is an empty template that provides no actual guidance on XSS vulnerability scanning. It contains only generic placeholder text describing what a skill should do, without any concrete techniques, code examples, scanning methodologies, or tool recommendations. The content would be useless for actually performing XSS vulnerability detection.
Suggestions
Add concrete XSS scanning techniques with executable code examples (e.g., testing for reflected XSS with specific payloads, DOM-based XSS detection patterns)
Include a clear workflow: identify injection points → craft test payloads → analyze responses → validate findings → document vulnerabilities
Provide specific tool recommendations with usage examples (e.g., using browser dev tools, automated scanners, or custom scripts)
Add example XSS payloads categorized by context (HTML, JavaScript, attribute injection) and expected vulnerable vs. safe responses
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about XSS vulnerability scanning. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need. | 1 / 3 |
| Actionability | No concrete code, commands, or specific techniques for XSS scanning are provided. The content describes what the skill does abstractly but gives zero executable guidance on how to actually scan for XSS vulnerabilities. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps for scanning, no validation checkpoints, no explanation of how to identify XSS vectors, test payloads, or verify findings. | 1 / 3 |
| Progressive Disclosure | The content is a flat, uninformative template with no references to detailed materials, examples, or related documentation. There's nothing to disclose progressively because there's no substantive content. | 1 / 3 |
| Total | | 4 / 12 Passed |
Validation
69%
Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |