sc-websocket
CommunityDetect WebSocket security flaws quickly
Software Engineering#security#authentication#vulnerability#injection#real-time#websocket#origin-validation
Authorersinkoc
Version1.0.0
Installs0
System Documentation
What problem does it solve?
WebSocket security is often overlooked in real-time web applications. This skill identifies critical weaknesses such as missing origin validation, missing authentication on upgrade, cross-site WebSocket hijacking risks, and unsafe message handling, helping teams harden WebSocket endpoints.
Core Features & Use Cases
- Origin validation checks: detects whether the WebSocket upgrader enforces a strict origin policy.
- Authentication enforcement: flags upgrade paths that allow unauthenticated connections.
- Message validation & injection protection: identifies unsafe or unvalidated messages that could enable injection.
- Protocol and transport guidance: warns about ws:// usage and offers secure alternatives (wss://) when appropriate.
- Use Case: suitable for Node.js, Go, Python, and other WebSocket servers, including Socket.IO, gorilla/websocket, and SignalR implementations.
Quick Start
Run the scanner against your WebSocket-enabled project to identify origin validation gaps, missing authentication, and message validation weaknesses.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sc-websocket Download link: https://github.com/ersinkoc/security-check/archive/main.zip#sc-websocket Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.