analyzing-security-headers
关于
This skill automatically analyzes a website's HTTP security headers to identify vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and actionable recommendations for improvement. Developers should use it when performing security audits or when users request checks for security headers or website vulnerabilities.
快速安装
Claude Code
推荐/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/analyzing-security-headers在 Claude Code 中复制并粘贴此命令以安装该技能
技能文档
Overview
This skill allows Claude to automatically analyze a website's HTTP security headers and provide a comprehensive report. It identifies missing or misconfigured headers and offers actionable recommendations to improve security posture.
How It Works
- Receives URL: Claude receives a URL or domain name from the user.
- Analyzes Headers: The plugin fetches the HTTP headers from the specified URL and analyzes them against security best practices.
- Generates Report: The plugin generates a detailed report, including a security grade, score, and specific recommendations for missing or misconfigured headers.
When to Use This Skill
This skill activates when you need to:
- Analyze the security posture of a website.
- Identify missing or misconfigured HTTP security headers.
- Get recommendations for improving website security.
- Audit a website for compliance with security best practices.
Examples
Example 1: Security Audit
User request: "Analyze the security headers for example.com"
The skill will:
- Fetch the HTTP headers from example.com.
- Analyze the headers for common security vulnerabilities.
- Generate a report outlining the security grade, score, and any identified issues with recommendations.
Example 2: Quick Security Check
User request: "Check HTTP security for mywebsite.net"
The skill will:
- Fetch the HTTP headers from mywebsite.net.
- Analyze the headers for common security vulnerabilities.
- Generate a report outlining the security grade, score, and any identified issues with recommendations.
Best Practices
- Prioritize HSTS: Ensure HSTS is properly configured to prevent downgrade attacks.
- Implement CSP: Start with a strict Content Security Policy to mitigate XSS vulnerabilities.
- Regularly Scan: Schedule regular scans to identify new vulnerabilities and misconfigurations.
Integration
This skill can be used in conjunction with other security plugins to provide a more comprehensive security assessment. For example, it can be paired with a vulnerability scanner to identify both header-related and code-level vulnerabilities.
GitHub 仓库
相关推荐技能
content-collections
元Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
sglang
元SGLang是一个专为LLM设计的高性能推理框架,特别适用于需要结构化输出的场景。它通过RadixAttention前缀缓存技术,在处理JSON、正则表达式、工具调用等具有重复前缀的复杂工作流时,能实现极速生成。如果你正在构建智能体或多轮对话系统,并追求远超vLLM的推理性能,SGLang是理想选择。
evaluating-llms-harness
测试该Skill通过60+个学术基准测试(如MMLU、GSM8K等)评估大语言模型质量,适用于模型对比、学术研究及训练进度追踪。它支持HuggingFace、vLLM和API接口,被EleutherAI等行业领先机构广泛采用。开发者可通过简单命令行快速对模型进行多任务批量评估。
langchain
元LangChain是一个用于构建LLM应用程序的框架,支持智能体、链和RAG应用开发。它提供多模型提供商支持、500+工具集成、记忆管理和向量检索等核心功能。开发者可用它快速构建聊天机器人、问答系统和自主代理,适用于从原型验证到生产部署的全流程。