validating-cors-policies
关于
This skill validates CORS policies to identify security vulnerabilities and misconfigurations. It's triggered by requests to check, analyze, or validate CORS headers and configurations. Using a dedicated plugin, it helps developers ensure proper implementation to prevent unauthorized cross-origin requests.
快速安装
Claude Code
推荐/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/validating-cors-policies在 Claude Code 中复制并粘贴此命令以安装该技能
技能文档
Overview
This skill empowers Claude to assess the security and correctness of CORS policies. By leveraging the cors-policy-validator plugin, it identifies misconfigurations and potential vulnerabilities in CORS settings, helping developers build more secure web applications.
How It Works
- Analyze CORS Configuration: The skill receives the CORS configuration details, such as headers or policy files.
- Validate Policy: It utilizes the cors-policy-validator plugin to analyze the provided configuration against established security best practices.
- Report Findings: The skill presents a detailed report outlining any identified vulnerabilities or misconfigurations in the CORS policy.
When to Use This Skill
This skill activates when you need to:
- Validate a CORS policy for a web application.
- Check the CORS configuration of an API endpoint.
- Identify potential security vulnerabilities in existing CORS implementations.
Examples
Example 1: Validating a CORS Policy File
User request: "Validate the CORS policy in cors_policy.json"
The skill will:
- Read the
cors_policy.jsonfile. - Use the cors-policy-validator plugin to analyze the CORS configuration.
- Output a report detailing any identified vulnerabilities or misconfigurations.
Example 2: Checking CORS Headers for an API Endpoint
User request: "Check CORS headers for the API endpoint at https://example.com/api"
The skill will:
- Fetch the CORS headers from the specified API endpoint.
- Use the cors-policy-validator plugin to analyze the headers.
- Output a report summarizing the CORS configuration and any potential issues.
Best Practices
- Configuration Source: Always specify the source of the CORS configuration (e.g., file path, URL) for accurate validation.
- Regular Validation: Regularly validate CORS policies, especially after making changes to the application or API.
- Heuristic Analysis: Consider supplementing validation with manual review and heuristic analysis to catch subtle vulnerabilities.
Integration
This skill can be integrated with other security-related plugins to provide a more comprehensive security assessment. For example, it can be used in conjunction with vulnerability scanning tools to identify potential cross-site scripting (XSS) vulnerabilities related to CORS misconfigurations.
GitHub 仓库
相关推荐技能
content-collections
元Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
sglang
元SGLang是一个专为LLM设计的高性能推理框架,特别适用于需要结构化输出的场景。它通过RadixAttention前缀缓存技术,在处理JSON、正则表达式、工具调用等具有重复前缀的复杂工作流时,能实现极速生成。如果你正在构建智能体或多轮对话系统,并追求远超vLLM的推理性能,SGLang是理想选择。
evaluating-llms-harness
测试该Skill通过60+个学术基准测试(如MMLU、GSM8K等)评估大语言模型质量,适用于模型对比、学术研究及训练进度追踪。它支持HuggingFace、vLLM和API接口,被EleutherAI等行业领先机构广泛采用。开发者可通过简单命令行快速对模型进行多任务批量评估。
langchain
元LangChain是一个用于构建LLM应用程序的框架,支持智能体、链和RAG应用开发。它提供多模型提供商支持、500+工具集成、记忆管理和向量检索等核心功能。开发者可用它快速构建聊天机器人、问答系统和自主代理,适用于从原型验证到生产部署的全流程。