Csrf Protection
Csrf Protection safeguards against Cross-Site Request Forgery attacks by validating user requests, ensuring data integrity and preventing malicious manipulation.
Install on your platform
Run in terminal (recommended)
claude mcp add csrf-protection npx -- -y @trustedskills/csrf-protection
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "csrf-protection": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/csrf-protection"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
The csrf-protection skill enables AI agents to identify and mitigate Cross-Site Request Forgery vulnerabilities during web interactions. It ensures that state-changing requests are validated against authentic user sessions, preventing unauthorized actions on behalf of authenticated users.
When to use it
- Before an agent submits forms or performs transactions on a target website.
- When analyzing API endpoints that modify data without explicit authentication headers.
- During security audits of web applications where session hijacking is a risk.
- To validate that cookies and tokens are properly bound to specific domains.
Key capabilities
- Detects missing or weak CSRF tokens in HTML forms and AJAX requests.
- Verifies that SameSite cookie attributes are correctly configured.
- Identifies vulnerabilities where state-changing operations lack origin validation.
- Simulates attack vectors to test the robustness of existing defenses.
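The capabilities above describe three independent checks on a state-changing request: a session-bound anti-CSRF token, validation of the request's Origin (or Referer) against the application's own origin, and correctly configured SameSite/Secure/HttpOnly cookie attributes. The following is an added example, not code from the TrustedSkills skill, showing how a server applies all three; the secret, the allowed origin (https://app.example), the session ids and the request headers are constructed values.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed server-side secret for this example; a real deployment loads it from configuration.
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"
# Assumed origin of the application; cross-site requests will not carry it.
ALLOWED_ORIGIN = "https://app.example"
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session_id: str) -> str:
    """Derive an anti-CSRF token bound to the session, so a token taken from one
    session is not valid for another. The token is embedded in forms / sent by AJAX."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, submitted: str) -> bool:
    """Constant-time comparison of the submitted token against the session's expected token."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def origin_is_allowed(headers: dict) -> bool:
    """Origin validation: accept the Origin header, fall back to the Referer's origin,
    and reject state-changing requests that carry neither."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def check_state_changing_request(method: str, headers: dict, session_id: str, form: dict) -> tuple:
    """Return (allowed, reason). Safe methods pass; everything else needs a valid
    origin AND a valid session-bound token (defence in depth: either alone can be bypassed
    in some browser/proxy configurations)."""
    if method.upper() in SAFE_METHODS:
        return (True, "safe method")
    if not origin_is_allowed(headers):
        return (False, "origin mismatch or missing")
    if not token_is_valid(session_id, form.get("csrf_token")):
        return (False, "missing or invalid csrf token")
    return (True, "ok")


def session_cookie_header(session_id: str) -> str:
    """A session cookie with the attributes an audit expects to see."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def cookie_findings(set_cookie: str) -> list:
    """Audit helper: list weak or missing attributes on a Set-Cookie header value."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value.lower()
    findings = []
    if "samesite" not in attrs:
        findings.append("missing SameSite (set it explicitly rather than relying on browser defaults)")
    elif attrs["samesite"] == "none":
        findings.append("SameSite=None sends the cookie cross-site; token and origin checks are mandatory")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    return findings


if __name__ == "__main__":
    sid = "constructed-session-1"
    token = issue_csrf_token(sid)
    # Constructed legitimate same-origin POST with the session's token.
    print(check_state_changing_request("POST", {"Origin": ALLOWED_ORIGIN}, sid, {"csrf_token": token}))
    # Constructed cross-site POST: the browser would send the cookie but not our token.
    print(check_state_changing_request("POST", {"Origin": "https://other.example"}, sid, {}))
    print(cookie_findings(session_cookie_header(sid)))
    print(cookie_findings("session=abc; SameSite=None"))
```

The session cookie alone is what a forged cross-site request rides on, which is why neither the cookie nor the SameSite attribute is treated as sufficient: the request must also present the session-bound token and an acceptable origin.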
Example prompts
- "Scan this website for potential CSRF vulnerabilities in its login and payment forms."
- "Analyze the API response headers to determine if they include necessary anti-CSRF measures."
- "Generate a test payload to verify if this endpoint is susceptible to cross-site request forgery."
Tips & gotchas
Ensure the target application supports standard CSRF token mechanisms before relying solely on automated detection. This skill complements, but does not replace, manual security testing for complex custom authentication flows.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Scanner | Result |
| --- | --- |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
Passed automated security scans.