analyzing-security-headers
について
このスキルは、ウェブサイトのHTTPセキュリティヘッダーを自動分析し、脆弱性や設定ミスを特定します。詳細なレポートとして、評価グレード、スコア、改善のための具体的な推奨事項を提供します。開発者は、セキュリティ監査を実施する際や、ユーザーからセキュリティヘッダーやウェブサイトの脆弱性チェックを依頼された際に、このスキルを使用すべきです。
クイックインストール
Claude Code
推奨/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/analyzing-security-headersこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Overview
This skill allows Claude to automatically analyze a website's HTTP security headers and provide a comprehensive report. It identifies missing or misconfigured headers and offers actionable recommendations to improve security posture.
How It Works
- Receives URL: Claude receives a URL or domain name from the user.
- Analyzes Headers: The plugin fetches the HTTP headers from the specified URL and analyzes them against security best practices.
- Generates Report: The plugin generates a detailed report, including a security grade, score, and specific recommendations for missing or misconfigured headers.
When to Use This Skill
This skill activates when you need to:
- Analyze the security posture of a website.
- Identify missing or misconfigured HTTP security headers.
- Get recommendations for improving website security.
- Audit a website for compliance with security best practices.
Examples
Example 1: Security Audit
User request: "Analyze the security headers for example.com"
The skill will:
- Fetch the HTTP headers from example.com.
- Analyze the headers for common security vulnerabilities.
- Generate a report outlining the security grade, score, and any identified issues with recommendations.
Example 2: Quick Security Check
User request: "Check HTTP security for mywebsite.net"
The skill will:
- Fetch the HTTP headers from mywebsite.net.
- Analyze the headers for common security vulnerabilities.
- Generate a report outlining the security grade, score, and any identified issues with recommendations.
Best Practices
- Prioritize HSTS: Ensure HSTS is properly configured to prevent downgrade attacks.
- Implement CSP: Start with a strict Content Security Policy to mitigate XSS vulnerabilities.
- Regularly Scan: Schedule regular scans to identify new vulnerabilities and misconfigurations.
Integration
This skill can be used in conjunction with other security plugins to provide a more comprehensive security assessment. For example, it can be paired with a vulnerability scanner to identify both header-related and code-level vulnerabilities.
GitHub リポジトリ
関連スキル
content-collections
メタThis skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.
evaluating-llms-harness
テストThis Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.
sglang
メタSGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.
cloudflare-turnstile
メタThis skill provides comprehensive guidance for implementing Cloudflare Turnstile as a CAPTCHA-alternative bot protection system. It covers integration for forms, login pages, API endpoints, and frameworks like React/Next.js/Hono, while handling invisible challenges that maintain user experience. Use it when migrating from reCAPTCHA, debugging error codes, or implementing token validation and E2E tests.