Does it support API-only applications?

Yes, it specifically analyzes API endpoints to ensure state-changing operations are protected against forgery attacks.

How does this skill identify CSRF vulnerabilities?

It scans your codebase and configuration files to verify the presence of anti-CSRF tokens, secure cookie attributes, and proper request origin validation.

Can it help fix the vulnerabilities it finds?

Yes, it provides prioritized remediation steps and code examples to help you implement robust CSRF protections.

What tools does this skill utilize?

It leverages a suite of security-focused bash commands, grep, and file analysis tools to perform deep audits of your source code.

CSRF Security Validator

Name: CSRF Security Validator
Author: jeremylongshore

byjeremylongshore

•

896

•

Security & Testing

Automates the identification and remediation of Cross-Site Request Forgery (CSRF) vulnerabilities across web applications and API endpoints.

The CSRF Security Validator is a specialized security tool designed to fortify web applications against session hijacking and unauthorized state-changing operations. It systematically analyzes codebase configurations, cookie settings, and API endpoints to detect missing or misconfigured CSRF protections such as token validation, SameSite attributes, and double-submit cookie patterns. Ideal for security audits and automated code reviews, this skill provides developers with actionable reports, severity-ranked findings, and specific code recommendations to ensure compliance with modern security standards like OWASP.

Key Features

01Automated generation of detailed security vulnerability reports

02Review of double-submit cookie and origin validation patterns

03Validation of SameSite cookie attribute configurations

04Comprehensive endpoint analysis for missing CSRF tokens

05Remediation guidance with prioritized fixes based on impact

06896 GitHub stars

Use Cases

01Identifying unprotected API endpoints handling sensitive data

02Pre-deployment security audits for new web application features

03Verifying compliance with OWASP CSRF prevention standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills validating-csrf-protection

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Automated generation of detailed security vulnerability reports

02Review of double-submit cookie and origin validation patterns

03Validation of SameSite cookie attribute configurations

04Comprehensive endpoint analysis for missing CSRF tokens

05Remediation guidance with prioritized fixes based on impact

06896 GitHub stars

Use Cases

01Identifying unprotected API endpoints handling sensitive data

02Pre-deployment security audits for new web application features

03Verifying compliance with OWASP CSRF prevention standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills validating-csrf-protection

For use in Claude.ai and ChatGPT

Download Skill