Anmelden
xrip

JS Analyzer Skill

by @xrip in AI & LLM
2
0
# Install this skill:
npx skills add xrip/claude-skill-analyze-js --skill "JS Analyzer Skill"

Install specific skill from multi-skill repository

# Description

Analyze JavaScript files for API endpoints, secrets, URLs, emails, sensitive files, and bundler versions

# SKILL.md

name: analyze-js
description: Analyze JavaScript files for API endpoints, secrets, URLs, emails, sensitive files, and bundler versions
examples:
- analyze-js bundle.js
- analyze-js src/
- analyze-js --verbose dist/

JS Analyzer Skill

Analyzes JavaScript files for security-relevant information using npx js-analyzer-cli.
Works in any project without installation.

Command

npx js-analyzer-cli [OPTIONS] <paths...>

Detection Categories

  • endpoints: REST APIs, GraphQL, OAuth, admin panels
  • urls: External links, cloud storage, WebSockets
  • secrets: API keys, tokens, JWT, credentials (auto-masked)
  • emails: Valid addresses (test emails filtered)
  • files: Sensitive file references (.env, configs, backups)
  • bundlers: Detected bundlers with versions (Webpack, Vite, Rollup, etc.)

Auto-filters noise: build artifacts, module imports, XML namespaces.

Options

  • --verbose - Show progress details
  • --format=json - JSON output (default: toon)
  • --pretty - Pretty print JSON
  • --no-recursive - Skip subdirectories

Directory Scanning

Default behavior:
- Finds .js, .jsx, .mjs files
- Skips node_modules/ and hidden dirs
- Recursive by default

Output Format

TOON format (default) - compact, LLM-optimized:

summary:
  total: 18
  endpoints: 4
  secrets: 1
findings:
  endpoints[4   ]{value location}:
    /api/v1/users   bundle.js:42:15
    /admin/dashboard    bundle.js:234:12
  secrets[1 ]{value location}:
    AKIA...MPLE (AWS Key)   bundle.js:312:25

Location format: file:line:column (clickable in IDEs)

How to Present Results

Start with summary, highlight critical findings (secrets, admin endpoints), group by category.

Example:

πŸ“Š Analysis: bundle.js (18 findings)

πŸ”΄ Critical:
β€’ AWS Key at bundle.js:312:25
β€’ Admin endpoint at bundle.js:234:12

Endpoints (4): /api/v1/users (bundle.js:42:15), /admin/dashboard (bundle.js:234:12), ...
Bundler: Webpack 5.88.2

Usage Flow

  1. Identify paths
  2. Add flags if needed
  3. Run: npx js-analyzer-cli [flags] <paths>
  4. Parse and present

Note: First run downloads package (~2s), then cached.

Security

For authorized testing only: pentesting, bug bounties, own applications, security audits.

# Related Skills

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚑ Amp πŸš€ Antigravity πŸ€– Claude Code πŸ¦€ Clawdbot πŸ“ Codex ▢️ Cursor πŸ€– Droid πŸ’Ž Gemini CLI πŸ™ GitHub Copilot πŸͺΏ Goose πŸ“Š Kilo Code πŸ”§ Kiro CLI πŸ’» OpenCode 🦘 Roo Code 🌲 Trae πŸ„ Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.