This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to "validate csrf", "check for csrf vulnerabilities", or "test csrf protection".
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
skills list
Skill Instructions
name: Validating CSRF Protection
description: |
  This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to "validate csrf", "check for csrf vulnerabilities", or "test csrf protection".
Overview
This skill empowers Claude to analyze web applications for CSRF vulnerabilities. It assesses the effectiveness of implemented CSRF protection mechanisms, providing insights into potential weaknesses and recommendations for remediation.
How It Works
- Analyze Endpoints: The skill examines application endpoints to identify those lacking CSRF protection.
- Assess Protection Mechanisms: It validates the implementation of CSRF protection mechanisms, including token validation, double-submit cookies, SameSite attributes, and origin validation.
- Generate Report: A detailed report is generated, highlighting vulnerable endpoints, potential attack scenarios, and recommended fixes.
When to Use This Skill
This skill activates when you need to:
- Validate existing CSRF protection measures.
- Identify CSRF vulnerabilities in a web application.
- Assess the risk associated with unprotected endpoints.
- Generate a report outlining CSRF vulnerabilities and recommended fixes.
Examples
Example 1: Identifying Unprotected API Endpoints
User request: "validate csrf"
The skill will:
- Analyze the application's API endpoints.
- Identify endpoints lacking CSRF protection, such as those handling sensitive data modifications.
- Generate a report outlining vulnerable endpoints and potential attack vectors.
Example 2: Checking SameSite Cookie Attributes
User request: "Check for csrf vulnerabilities in my application"
The skill will:
- Analyze the application's cookie settings.
- Verify that SameSite attributes are properly configured to mitigate CSRF attacks.
- Report any cookies lacking the SameSite attribute or using an insecure setting.
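The two examples above describe an endpoint inventory check and a SameSite cookie check, and the skill description also names origin validation. The script below is an added illustration of those checks, not the skill's own implementation: every function name, the `Endpoint` record, the Set-Cookie headers and the endpoint inventory are constructed for the example. It parses Set-Cookie headers and flags session cookies with a missing or weak SameSite setting, flags state-changing routes that rely on cookie authentication without a token or origin check, and shows an origin allowlist comparison of the kind the skill would expect to find.

```python
"""CSRF posture checks (added example; hypothetical helper code, not the
skill's own implementation).  Covers the checks the skill description
names: cookie SameSite/Secure attributes, state-changing endpoints that
lack token or origin validation, and an origin allowlist comparison.
All inputs are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (no real application behind them).
SAMPLE_SET_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "csrftoken=def456; Path=/; Secure; SameSite=Strict",
    "legacy_session=ghi789; Path=/; HttpOnly",
    "tracker=jkl012; Path=/; SameSite=None",
]


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie header into {'name', 'value', <attr lowercased>: value}."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def check_cookie(header: str) -> List[str]:
    """Return findings for a cookie whose SameSite setting weakens CSRF defence."""
    c = parse_set_cookie(header)
    findings = []
    if "samesite" not in c:
        findings.append(f"{c['name']}: no SameSite attribute; cross-site POSTs may still carry it")
    elif c["samesite"].lower() == "none":
        findings.append(f"{c['name']}: SameSite=None is sent on every cross-site request")
        if "secure" not in c:
            findings.append(f"{c['name']}: SameSite=None without Secure (browsers require Secure here)")
    return findings


@dataclass(frozen=True)
class Endpoint:
    """Hypothetical inventory record: what a code review found for one route."""
    method: str
    path: str
    cookie_auth: bool = True       # session carried in a cookie (ambient authority)
    validates_token: bool = False  # synchronizer token or double-submit cookie checked
    checks_origin: bool = False    # Origin/Referer compared with an allowlist


# Constructed endpoint inventory.
SAMPLE_ENDPOINTS = [
    Endpoint("GET", "/profile"),
    Endpoint("POST", "/transfer", validates_token=True),
    Endpoint("POST", "/account/email"),
    Endpoint("POST", "/settings", checks_origin=True),
    Endpoint("DELETE", "/api/keys/1", cookie_auth=False),
]

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def check_endpoint(ep: Endpoint) -> List[str]:
    """Flag state-changing, cookie-authenticated routes with no CSRF check."""
    if ep.method.upper() in SAFE_METHODS or not ep.cookie_auth:
        return []
    if ep.validates_token or ep.checks_origin:
        return []
    return [f"{ep.method} {ep.path}: state-changing, cookie-authenticated, no token or origin check"]


def origin_allowed(origin: Optional[str], referer: Optional[str], allowed: Set[str]) -> bool:
    """Origin validation: the Origin header (or the Referer's origin as a fallback)
    must exactly match an allowlisted origin; a request with neither is rejected."""
    source = origin
    if source is None and referer:
        u = urlsplit(referer)
        source = f"{u.scheme}://{u.netloc}" if u.scheme and u.netloc else None
    return source is not None and source in allowed


def run_checks() -> Dict[str, List[str]]:
    """Produce the report: findings keyed by check name."""
    cookie_findings = [f for h in SAMPLE_SET_COOKIES for f in check_cookie(h)]
    endpoint_findings = [f for ep in SAMPLE_ENDPOINTS for f in check_endpoint(ep)]
    return {"cookies": cookie_findings, "endpoints": endpoint_findings}


if __name__ == "__main__":
    for section, items in run_checks().items():
        print(f"[{section}] {len(items)} finding(s)")
        for item in items:
            print("  -", item)
```

The endpoint check deliberately skips routes that are not cookie-authenticated: a request that needs an explicit bearer header is not driven by the browser's ambient credentials, so CSRF does not apply to it in the same way. Safe methods are skipped as well, on the assumption that they do not change state; a GET that does change state would be a finding in its own right.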
Best Practices
- Regular Validation: Regularly validate CSRF protection mechanisms as part of the development lifecycle.
- Comprehensive Coverage: Ensure all state-changing operations are protected against CSRF attacks.
- Secure Configuration: Use secure configurations for CSRF protection mechanisms, such as strong token generation and proper SameSite attribute settings.
Integration
This skill can be used in conjunction with other security plugins to provide a comprehensive security assessment of web applications. For example, it can be combined with a vulnerability scanner to identify other potential vulnerabilities in addition to CSRF weaknesses.