Use when reviewing frontend security risks such as XSS, CSRF, sensitive data exposure, unsafe DOM APIs, untrusted user input, authentication/token handling, payment flows, file upload, CSP, dependency risk, or third-party scripts; Chinese triggers include 安全审查, 安全检查.
Repository: bovinphang/frontend-craft (GitHub). License: MIT. Install: /plugin marketplace add bovinphang/frontend-craft (the exact command may vary by repository; check the README on GitHub).
Frontend Security Review
Purpose
Identify client-side security risks in frontend code and give actionable remediation advice.
Procedure
First confirm the review surface: user input, dynamic HTML, URL redirects, authentication state, RBAC, file upload, sensitive operations such as payment/deletion, third-party scripts and dependencies.
Search for high-risk patterns: dangerouslySetInnerHTML, v-html, innerHTML, document.write, dynamically injected script, unvalidated redirects, plaintext tokens.
Review by risk type: XSS, CSP, sensitive data, CSRF, dependencies, input validation, file upload, open redirect, authentication/authorization and third-party scripts.
Use the trust-boundary model to assign responsibility: the client can only improve the user experience and reduce misuse; authentication, authorization, upload trust and sensitive operations must be finally decided by the server.
Mark high-risk issues as merge-blocking; frontend validation only improves the experience and must not be the sole security boundary.
Output a graded security report; the report format is in references/report-template.md.
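As an added illustration of the pattern-search and report steps above (example code, not part of the skill or its repository), a grep-style pass over a constructed React source that records file, 1-based line and severity for each hit and sorts the findings for a report. The pattern list and the default severities are assumptions for triage; a human reviewer still has to confirm whether attacker-controlled data reaches each flagged sink.

```javascript
// Added example (not part of the skill): grep-style triage for the high-risk
// sinks named in the procedure. Patterns and default severities are assumptions.
const PATTERNS = [
  { re: /dangerouslySetInnerHTML/, severity: "HIGH", note: "React raw-HTML sink" },
  { re: /\bv-html\b/, severity: "HIGH", note: "Vue raw-HTML sink" },
  { re: /\.innerHTML\s*\+?=/, severity: "HIGH", note: "innerHTML assignment" },
  { re: /document\.write\s*\(/, severity: "HIGH", note: "document.write sink" },
  { re: /createElement\s*\(\s*['"]script['"]\s*\)/, severity: "MEDIUM", note: "dynamic script element" },
  { re: /location\.(href|assign|replace)\s*(=|\()/, severity: "MEDIUM", note: "navigation sink; check for open redirect" },
  { re: /localStorage\.setItem\s*\(\s*['"][^'"]*token/i, severity: "MEDIUM", note: "token persisted in plaintext storage" },
];
const ORDER = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };

// Scan one file's text; each finding carries file, 1-based line and severity.
function scanSource(file, source) {
  const findings = [];
  source.split("\n").forEach((text, idx) => {
    for (const p of PATTERNS) {
      if (p.re.test(text)) {
        findings.push({ file, line: idx + 1, severity: p.severity, note: p.note, text: text.trim() });
      }
    }
  });
  return findings;
}

// Sort by severity then line; any HIGH or CRITICAL finding makes the review merge-blocking.
function renderReport(findings) {
  const sorted = [...findings].sort((a, b) => ORDER[a.severity] - ORDER[b.severity] || a.line - b.line);
  const markdown = sorted.map((f) => `- [${f.severity}] ${f.file}:${f.line} ${f.note}: ${f.text}`).join("\n");
  const blocking = sorted.some((f) => ORDER[f.severity] <= ORDER.HIGH);
  return { blocking, markdown };
}

// Constructed sample source (not taken from any real project).
const SAMPLE = [
  'import React from "react";',
  'const next = new URLSearchParams(window.location.search).get("next");',
  'localStorage.setItem("authToken", token);',
  "export function Banner({ html }) {",
  "  return <div dangerouslySetInnerHTML={{ __html: html }} />;",
  "}",
  "window.location.href = next;",
].join("\n");

const report = renderReport(scanSource("src/Banner.jsx", SAMPLE));
console.log(report.blocking ? "BLOCKING" : "non-blocking");
console.log(report.markdown);
```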
Detailed References
Constraints
Do not bypass security mechanisms for development convenience.
Do not rely on frontend validation as the only line of defense.
Do not trust any data that comes from the client.
High-risk findings must be marked as merge-blocking.
Division of labor with general code-quality review: this skill focuses on threats, attack surface and data leakage.
Do not mechanically equate dependency-audit results with exploitable vulnerabilities; judge them against the execution path, exposure and cost of the fix.
Do not treat hidden buttons, frontend route guards or local role fields as an authorization boundary; APIs, SSR loaders, server actions and sensitive operations must be decided server-side.
Expected Output
Output a security review report graded CRITICAL/HIGH/MEDIUM/LOW, with each issue tied to a specific file and line number and given a remediation suggestion; the report is saved as reports/security-review-YYYY-MM-DD-HHmmss.md.