一键在 Manus 中运行任何 Skill

$pwd:

sast-browser-security-testing

Name: Sast Browser Security Testing
Author: anshumanbh

// Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.

在 Manus 中运行

$ git log --oneline --stat

stars:17

forks:6

updated:2025年12月18日 18:46

SKILL.md

readonly

related-skills.json

同仓库

sast-authentication-testing.md

from "anshumanbh/vulnvibes"

Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.

2025-12-1817

sast-authorization-testing.md

from "anshumanbh/vulnvibes"

Investigate authorization vulnerabilities in source code including IDOR, privilege escalation, and missing access controls. Use when threat model identifies CWE-639 (IDOR), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-269 (Privilege Escalation), or access control concerns.

2025-12-1817

sast-cryptography-testing.md

from "anshumanbh/vulnvibes"

Investigate cryptographic vulnerabilities in source code including weak algorithms, hardcoded secrets, and improper key management. Use when threat model identifies CWE-327 (Use of Broken Crypto), CWE-798 (Hardcoded Credentials), CWE-326 (Inadequate Encryption), or cryptography concerns.

2025-12-1817

sast-data-exposure-testing.md

from "anshumanbh/vulnvibes"

Investigate data exposure vulnerabilities in source code including PII leakage, sensitive data logging, and information disclosure. Use when threat model identifies CWE-200 (Information Exposure), CWE-532 (Sensitive Data in Logs), CWE-359 (Privacy Violation), or data exposure concerns.

2025-12-1817

sast-deserialization-testing.md

from "anshumanbh/vulnvibes"

Investigate insecure deserialization vulnerabilities that can lead to RCE or data manipulation. Use when threat model identifies CWE-502 (Deserialization of Untrusted Data), CWE-915 (Mass Assignment), or object deserialization concerns.

2025-12-1817

sast-file-security-testing.md

from "anshumanbh/vulnvibes"

Investigate file operation vulnerabilities including unrestricted file upload, path traversal in file operations, and insecure file handling. Use when threat model identifies CWE-434 (Unrestricted Upload), CWE-73 (External Control of File Path), CWE-427 (Uncontrolled Search Path), or file security concerns.

2025-12-1817

package.json

"author": "anshumanbh"

"repository": "anshumanbh/vulnvibes"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

信息安全分析师计算机与数学类职业15-1212L4

name	sast-browser-security-testing
description	Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.
allowed-tools	Read, Grep, Glob

Auth Type	How to Detect	CORS Risk	CSRF Risk
Cookies only	`Set-Cookie`, `res.cookie()`, `httpOnly`, session middleware	HIGH if `credentials: true`	HIGH
Headers + localStorage	`localStorage.setItem`, `Authorization: Bearer`, NO `withCredentials`	LOW	LOW
Mixed (both)	Both cookie and header patterns present	MEDIUM	MEDIUM

name	sast-browser-security-testing
description	Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.
allowed-tools	Read, Grep, Glob

Auth Type	How to Detect	CORS Risk	CSRF Risk
Cookies only	`Set-Cookie`, `res.cookie()`, `httpOnly`, session middleware	HIGH if `credentials: true`	HIGH
Headers + localStorage	`localStorage.setItem`, `Authorization: Bearer`, NO `withCredentials`	LOW	LOW
Mixed (both)	Both cookie and header patterns present	MEDIUM	MEDIUM

sast-browser-security-testing

同仓库更多 Skills

同仓库更多 Skills

SAST Browser Security Testing Skill

Purpose

CRITICAL: Authentication Mechanism Check

Authentication Detection Steps

Vulnerability Types Covered

1. Permissive CORS Configuration (CWE-942, CWE-346)

2. Cross-Site Request Forgery (CWE-352)

3. Clickjacking (CWE-1021)

4. Insecure Cookie Configuration (CWE-614, CWE-1004, CWE-1275)

Investigation Methodology

Step 1: Identify Auth Mechanism (CRITICAL)

Step 2: Find CORS Configuration

Step 3: Identify State-Changing Endpoints

Step 4: Check Security Headers

Step 5: Analyze Cookie Settings

Step 6: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

CORS & Origin Validation

CSRF

Clickjacking

Cookie Security

Related

Cross-Skill Dependencies

Safety Rules

SAST Browser Security Testing Skill

Purpose

CRITICAL: Authentication Mechanism Check

Authentication Detection Steps

Vulnerability Types Covered

1. Permissive CORS Configuration (CWE-942, CWE-346)

2. Cross-Site Request Forgery (CWE-352)

3. Clickjacking (CWE-1021)

4. Insecure Cookie Configuration (CWE-614, CWE-1004, CWE-1275)

Investigation Methodology

Step 1: Identify Auth Mechanism (CRITICAL)

Step 2: Find CORS Configuration

Step 3: Identify State-Changing Endpoints

Step 4: Check Security Headers

Step 5: Analyze Cookie Settings

Step 6: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

CORS & Origin Validation

CSRF

Clickjacking

Cookie Security

Related

Cross-Skill Dependencies

Safety Rules