From soundcheck
Detects open redirect vulnerabilities (CWE-601) where user-controlled URLs are used in redirects, enabling phishing and OAuth callback abuse. Use when handling redirects from request parameters, form input, or login 'return to' URLs.
Slash command: /soundcheck:open-redirect
Protects against open redirect vulnerabilities where an attacker crafts a link that redirects users from a trusted domain to a malicious site. Used in phishing campaigns to make malicious links appear legitimate, and in OAuth flows to steal authorization codes.
Look for any redirect target (window.location and equivalents) assigned a value derived from the URL or form input with no validation. Flag the vulnerable code and explain the risk. Then suggest a fix that establishes these properties. Translate each property into the audited file's language and HTTP framework — use that framework's documented URL-parsing and redirect APIs.

- The redirect host is matched exactly, not by prefix: allowed.com.evil.com passes a naive prefix check.
- Protocol-relative URLs are rejected: a value beginning with // parses as a protocol-relative URL and redirects to whatever host follows.
Checking only for http:// and https:// misses this; the fix must block protocol-relative URLs (//), not just absolute http:// and https:// URLs.

Install: npx claudepluginhub thejefflarson/soundcheck --plugin soundcheck

Validates redirect URLs against an allowlist to prevent open redirect vulnerabilities in login, logout, OAuth callback, and redirect-after-action endpoints.
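The properties above (exact host match, no protocol-relative targets, http/https only, an allowlist) put into code, as an added Python example that is not part of the soundcheck skill or any other hub skill. The allowlist hosts and fallback path are constructed for the example; the naive prefix check is shown beside the parsed-URL check so the two bypasses the skill names can be tried against both. It goes slightly beyond the page in also rejecting a leading `/\`, which browsers normalise to `//`.

```python
from urllib.parse import urlsplit

# Constructed for this example: hosts the application may redirect to,
# and where to send the user when the requested target is rejected.
ALLOWED_HOSTS = {"allowed.com", "app.allowed.com"}
FALLBACK = "/"


def naive_is_safe(url: str) -> bool:
    """The kind of string-prefix check the skill flags as insufficient.

    It accepts allowed.com.evil.com (prefix match on the host) and
    //evil.com (starts with a slash, so the host is never examined).
    """
    return url.startswith("/") or url.startswith("https://allowed.com")


def safe_redirect_target(url: str) -> str:
    """Return `url` if it is a safe redirect target, otherwise FALLBACK.

    Every decision is made on the parsed URL, not on string prefixes.
    """
    if not url:
        return FALLBACK
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input (e.g. bad IPv6 literal)
        return FALLBACK

    # Relative target: no scheme and no host. "//host" does not land here,
    # because urlsplit treats it as protocol-relative and sets netloc.
    if not parts.scheme and not parts.netloc:
        # Only same-site absolute paths. Browsers normalise "/\host" to
        # "//host", so a backslash in second position is rejected as well.
        if url.startswith("/") and not url.startswith("/\\"):
            return url
        return FALLBACK

    # Absolute target, or protocol-relative (scheme is ""): only http(s),
    # and the parsed hostname must be in the allowlist exactly.
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    if parts.hostname not in ALLOWED_HOSTS:
        return FALLBACK
    return url


if __name__ == "__main__":
    for candidate in ["/dashboard", "//evil.com/phish",
                      "https://allowed.com.evil.com/login",
                      "https://app.allowed.com/home"]:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
```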
Provides a checklist for open redirect vulnerability testing: parameter identification, bypass techniques (URL encoding, CRLF injection), and chaining with OAuth/SSRF. For authorized security research.
Tests open redirect vulnerabilities by analyzing URL parameters, applying bypass techniques, and chaining exploits for phishing and token theft.