From snitch
Agent reference
snitch:agents/skills/snitch/categories/02-xss

The summary Claude sees when deciding whether to delegate to this agent
- Frontend framework usage: React, Vue, Angular, Svelte
- Server-rendered HTML: EJS, Pug, Handlebars templates
- DOM manipulation patterns in client-side code
- DOM property assignments that inject raw HTML (the `inner` + `HTML` property)
- React unsafe HTML rendering (the `dangerously` + `SetInnerHTML` prop)
- DOM write methods (the `document` `.write` method)
- Vue v-html directive
- Unescape...
`**/components/**/*.tsx`, `**/components/**/*.vue`, `**/views/**`, `**/templates/**`, `.ejs`, `.pug`, `.hbs`

`npx claudepluginhub jf10r/snitch --plugin snitch`

Front-end security reviewer that audits client-side vulnerabilities: XSS, secret leaks, dangerous DOM/API usage, CSP, dependency CVEs, and supply chain risks. Delegated after changes to auth, payment, upload, or dynamic HTML.
Tests web apps for reflected, stored, DOM-based XSS in HTML, attributes, JS, URLs, CSS contexts. Covers React, Vue, Angular sinks plus WAF/CSP bypasses. Captures Playwright browser evidence and PoCs.
Security expert for OWASP Top 10: detects injections (SQL via Drizzle, command, path, SSRF), XSS (dangerouslySetInnerHTML, unsanitized inputs), CSRF, auth bypass, secrets leakage in code changes. Joins code-review-team.