How does this skill detect XSS risks?

The skill scans your codebase for patterns involving untrusted input, such as query parameters or user-generated content being rendered into the DOM without prior sanitization.

OpenWebF is a high-performance web rendering engine often used in cross-platform mobile development to render web content with native-like performance.

Does it automatically modify my files to fix security issues?

No, it follows a safety-first approach by providing concrete, minimal suggestions for you to review and apply manually.

Which documentation does it use for its recommendations?

It integrates with MCP tools to access the latest OpenWebF security sections regarding XSS prevention, HTML sanitization, and input validation.

OpenWebF Security & XSS Sanitization

Name: OpenWebF Security & XSS Sanitization
Author: archview-ai

byarchview-ai

0•

Security & Testing

Secures WebF applications by identifying and mitigating Cross-Site Scripting (XSS) risks through automated sanitization and input validation.

This skill helps developers maintain secure WebF applications by auditing code for potential XSS vulnerabilities and unsafe rendering patterns. It identifies untrusted input sources—such as user-generated content, remote data, or query parameters—and flags instances where innerHTML-like rendering is used without proper protection. By leveraging OpenWebF documentation via MCP tools, it provides concrete recommendations and minimal code fixes to ensure all data is correctly sanitized and validated before it hits the UI.

Key Features

01Cross-references security recommendations with official MCP documentation

020 GitHub stars

03Identifies untrusted input sources from UGC, remote content, and query params

04Detects unsafe HTML string rendering and missing sanitization patterns

05Provides actionable, minimal code suggestions for fixing vulnerabilities

06Recommends explicit sanitization strategies based on OpenWebF best practices

Use Cases

01Implementing safe rendering for user-generated content like comments or profiles

02Sanitizing data fetched from external APIs before displaying it in the UI

03Auditing a WebF application for security vulnerabilities before production release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add archview-ai/webf-plugin openwebf-security-xss-sanitization

For use in Claude.ai and ChatGPT

Download Skill