
validating-csrf-protection

by jeremylongshore


Installation

Pick a client and clone the repository into its skills directory.

Quick info

Category
Security
Views
2

About this skill

This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to

How to use

  1. Install the skill in your Claude environment by adding it to the agent's available tools.

  2. Trigger the analysis with a command such as "validate csrf", "Check for csrf vulnerabilities in my application" or "test csrf protection"; the skill recognizes these phrases automatically.

  3. Prepare information about the application: provide details of the API endpoints, the authentication mechanisms, and the CSRF protections currently in place.

  4. Wait for the analysis: the skill scans the application's endpoints for gaps in CSRF protection, especially those that handle modification of sensitive data.

  5. Review the generated report, which lists the vulnerable endpoints, possible attack vectors, and specific remediation recommendations concerning tokens, cookies, and security attributes.

  6. Apply the suggested fixes in the priority order given in the report to strengthen the application's protection.

Related skills

senior-security

by davila7

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture,

Security
2482

1password

by openclaw

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

Security
1174

reviewing-code

by CaptainCrouton89

Systematically evaluate code changes for security, correctness, performance, and spec alignment. Use when reviewing PRs, assessing code quality, or verifying implementation against requirements.

Security
1493

zendesk

by vm0-ai

Zendesk Support REST API for managing tickets, users, organizations, and support operations. Use this skill to create tickets, manage users, search, and automate customer support workflows.

Security
11100

google-analytics

by davila7

Analyze Google Analytics data, review website performance metrics, identify traffic patterns, and suggest data-driven improvements. Use when the user asks about analytics, website metrics, traffic analysis, conversion rates, user behavior, or performance optimization.

Security
1260

architect-review

by sickn33

Master software architect specializing in modern architecture patterns, clean architecture, microservices, event-driven systems, and DDD. Reviews system designs and code changes for architectural integrity, scalability, and maintainability. Use PROACTIVELY for architectural

Security
2773