← Back to Skills

Cors Audit

🌐Community
by psylch · vlatest · Repository

Scans web resources for CORS misconfigurations, identifying potential security vulnerabilities and unauthorized access risks.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add cors-audit npx -- -y @trustedskills/cors-audit
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "cors-audit": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/cors-audit"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The cors-audit skill performs a Cross-Origin Resource Sharing (CORS) audit on specified URLs. It checks if resources are properly configured to allow cross-origin requests, identifying potential security vulnerabilities and compliance issues. The tool provides detailed reports outlining allowed origins and any detected misconfigurations.

When to use it

  • Security Assessment: Before deploying a web application that relies on cross-origin resource sharing, verify its CORS configuration.
  • Troubleshooting API Access: Diagnose why your frontend application is unable to access an API due to CORS restrictions.
  • Compliance Checks: Ensure adherence to security best practices and relevant regulations regarding cross-origin requests.
  • Identifying Misconfigurations: Quickly identify unintentional or overly permissive CORS settings that could expose sensitive data.

Key capabilities

  • CORS configuration auditing
  • Detailed reporting of allowed origins
  • Identification of potential vulnerabilities related to CORS misconfiguration

Example prompts

  • "Audit the CORS configuration for https://example.com/api."
  • "Check if https://mywebapp.net allows requests from https://frontend.app."
  • "Perform a full CORS audit on all endpoints listed in this file: [file contents]"

Tips & gotchas

The skill requires the ability to make HTTP requests, so ensure your AI agent has appropriate network access and permissions. The accuracy of the results depends on the target server's response headers; some servers may not provide complete or accurate CORS information.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
psylch
Installs
7
Repository (canonical source) →

🌐 Community

Passed automated security scans.