Does it provide remediation advice?

Yes, the skill generates a detailed report outlining identified weaknesses and provides specific, actionable recommendations for fixing them.

How does this skill detect CSRF vulnerabilities?

It analyzes your application's endpoints and evaluates the presence and validity of protection mechanisms like CSRF tokens, double-submit cookies, and SameSite cookie attributes.

Can I use this for API security?

Absolutely. It is designed to target both traditional web forms and modern API endpoints to ensure state-changing operations are protected against unauthorized requests.

What specific mechanisms does it validate?

It checks for synchronizer tokens, double-submit cookies, SameSite attributes, and proper origin/referrer validation to ensure multi-layered defense.

CSRF Protection Validator

Name: CSRF Protection Validator
Author: jeremylongshore

byjeremylongshore

•

884

Security & Testing

Analyzes web applications to identify and remediate Cross-Site Request Forgery vulnerabilities by validating security tokens, cookie attributes, and origin policies.

About

The CSRF Protection Validator skill empowers Claude to perform automated security audits focused on Cross-Site Request Forgery (CSRF), ensuring web applications are resilient against unauthorized command execution. It systematically scans application endpoints, evaluates the implementation of synchronizer tokens and double-submit cookies, and checks SameSite attribute configurations to provide a comprehensive risk assessment. By generating detailed vulnerability reports with actionable remediation steps, it helps developers harden their security posture and protect sensitive user data from session-based attacks.

Key Features

Detailed security reporting with remediation recommendations
Origin and referrer validation checking
Analysis of SameSite cookie attribute configurations
884 GitHub stars
Automated endpoint vulnerability scanning
Validation of CSRF synchronizer tokens and double-submit cookies

Use Cases

Verifying the correct implementation of SameSite cookie policies across a modern web stack.
Auditing a legacy web application for missing CSRF protection on sensitive API endpoints.
Generating a comprehensive security report for compliance or peer review during the development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills csrf-protection-validator

For use in Claude.ai and ChatGPT

Download Skill

GitHub