This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox pentesting.
From vuln-scout: `npx claudepluginhub allsmog/vuln-scout --plugin vuln-scout`. This skill uses the workspace's default tool permissions.
Provide comprehensive knowledge of security-sensitive functions (sinks) across programming languages for whitebox penetration testing. These functions are common targets during code review because improper use leads to critical vulnerabilities.
Activate this skill during:
- Sources: entry points where user input enters the application
- Sinks: functions where malicious input causes damage
| Category | Impact | Common Languages |
|---|---|---|
| Command Injection | Remote Code Execution | All |
| Code Injection | Remote Code Execution | PHP, Python, JS |
| SQL Injection | Data breach | All with databases |
| Deserialization | Remote Code Execution | Java, PHP, Python, .NET |
| File Operations | LFI/RFI/Arbitrary Write | All |
| SSRF | Internal network access | All |
| Template Injection | Remote Code Execution | Python, Java, JS |
| Reentrancy | Fund theft | Solidity |
| Flash Loan Attacks | Price/state manipulation | Solidity |
| Access Control | Privilege escalation | Solidity |
Determine the primary language(s) used:
Consult the appropriate reference file for comprehensive sink lists:
- references/php-sinks.md for PHP applications
- references/java-sinks.md for Java applications
- references/python-sinks.md for Python applications
- references/javascript-sinks.md for Node.js/JavaScript
- references/dotnet-sinks.md for .NET/C# applications
- references/go-ruby-sinks.md for Go and Ruby
- references/rust-sinks.md for Rust applications
- references/kotlin-sinks.md for Kotlin/Android applications (preview -- not in supported language list)
- references/swift-sinks.md for Swift/iOS applications (preview -- not in supported language list)
- references/solidity-sinks.md for Solidity smart contracts

Use the Grep tool to search for dangerous functions:
For each identified sink, document:
Rank findings using this framework:
| Priority | Criteria |
|---|---|
| Critical | Direct user input reaches sink |
| High | Database/file data (user-controlled) reaches sink |
| Medium | Authenticated user input reaches sink |
| Low | Admin-only input reaches sink |
| Info | Hardcoded values only |
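The steps above (determine the language, search for sinks, rank what reaches them) can be tried end to end on a few constructed source files. The following is an added example written for this page, not code from the vuln-scout skill or its reference files: it maps file extensions to languages, searches each line for a short illustrative subset of sinks tagged with the categories from the first table, and assigns a coarse priority. The priority logic is deliberately narrower than the table: a sink is Critical only when a request marker (such as `$_GET` or `request.args`) appears on the same line, Info when every argument is a literal, and otherwise "Review", because the High/Medium/Low distinction depends on data flow and authentication context that a line-level grep cannot see. Sink patterns, request markers and sample files are all assumptions made for this example.

```python
"""Grep-style sink scanner (added example; not the vuln-scout skill's own code).
Sink patterns and request markers below are an illustrative subset, not the full
lists kept in the references/*-sinks.md files."""
import re
from dataclasses import dataclass

# Step 1: determine the language from the file extension (assumed mapping).
EXT_TO_LANG = {".php": "php", ".py": "python", ".js": "javascript", ".ts": "javascript"}

# Step 3: sink patterns per language, tagged with the category from the table above.
# Each pattern stops before the argument list so the scanner can inspect it separately.
SINKS = {
    "php": [
        (r"\b(eval|assert|create_function)(?=\s*\()", "Code Injection"),
        (r"\b(system|exec|shell_exec|passthru|popen|proc_open)(?=\s*\()", "Command Injection"),
        (r"\bunserialize(?=\s*\()", "Deserialization"),
        (r"\b(include|require)(_once)?\b", "File Operations"),
        (r"\bmysqli?_query(?=\s*\()", "SQL Injection"),
        (r"\b(file_get_contents|curl_exec)(?=\s*\()", "SSRF"),
    ],
    "python": [
        (r"\b(eval|exec)(?=\s*\()", "Code Injection"),
        (r"\b(os\.system|os\.popen|subprocess\.\w+)(?=\s*\()", "Command Injection"),
        (r"\b(pickle|yaml)\.loads?(?=\s*\()", "Deserialization"),
        (r"\bcursor\.execute(?=\s*\()", "SQL Injection"),
        (r"\brender_template_string(?=\s*\()", "Template Injection"),
    ],
    "javascript": [
        (r"\beval(?=\s*\()|\bFunction(?=\s*\()", "Code Injection"),
        (r"\b(exec|execSync|execFile|spawn)(?=\s*\()", "Command Injection"),
        (r"\b(fetch|axios\.\w+)(?=\s*\()", "SSRF"),
    ],
}

# Markers showing request-controlled data on the same line as the sink (assumed subset).
USER_INPUT = {
    "php": r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b",
    "python": r"\brequest\.(args|form|json|data|values|files)\b|\bsys\.argv\b",
    "javascript": r"\breq\.(body|query|params|headers)\b",
}
LITERAL = r"""(?:"[^"]*"|'[^']*'|\d+)"""


@dataclass
class Finding:
    path: str
    line: int
    language: str
    category: str
    priority: str
    code: str


def detect_language(path):
    dot = path.rfind(".")
    return EXT_TO_LANG.get(path[dot:].lower()) if dot >= 0 else None


def hardcoded_only(rest):
    """True when the sink's arguments are only string/number literals (Info in the table)."""
    args = rest.strip().rstrip(";").strip()
    for open_, close in ("()", "[]"):  # unwrap call parens and a literal list argument
        if args.startswith(open_) and args.endswith(close):
            args = args[1:-1].strip()
    return re.fullmatch(rf"{LITERAL}(?:\s*,\s*{LITERAL})*", args) is not None


def prioritize(language, line, rest):
    if re.search(USER_INPUT[language], line):
        return "Critical"   # direct request input on the sink line
    if hardcoded_only(rest):
        return "Info"       # hardcoded values only
    return "Review"         # needs manual data-flow tracing to place at High/Medium/Low


def scan(path, source):
    """Return one Finding per line that contains a known sink for the file's language."""
    lang = detect_language(path)
    if lang is None:
        return []
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("#", "//", "*")):  # naive comment skip
            continue
        for pattern, category in SINKS[lang]:
            m = re.search(pattern, line)
            if m:
                prio = prioritize(lang, line, line[m.end():])
                findings.append(Finding(path, lineno, lang, category, prio, stripped))
                break
    return findings


# Constructed sample files for this example (not from any real project).
SAMPLES = {
    "app/upload.php": "<?php\n$dir = $_GET['dir'];\necho shell_exec(\"ls -la \" . $dir);\n"
                      "include \"config.php\";\n"
                      "$result = mysqli_query($conn, \"SELECT * FROM users WHERE id=\" . $id);\n",
    "api/views.py": "from flask import request\nimport pickle, subprocess\n"
                    "data = pickle.loads(request.data)\nsubprocess.run([\"ls\", \"-la\"])\n"
                    "cursor.execute(\"SELECT * FROM t WHERE id=%s\" % uid)\n",
    "web/routes.js": "app.get('/run', (req, res) => res.send(execSync(req.query.cmd)));\n",
}

if __name__ == "__main__":
    order = {"Critical": 0, "Review": 1, "Info": 2}
    for f in sorted((f for p, s in SAMPLES.items() for f in scan(p, s)), key=lambda f: order[f.priority]):
        print(f"[{f.priority:8}] {f.category:18} {f.path}:{f.line}  {f.code}")
```

Note what the PHP sample shows: `shell_exec` on line 3 is ranked only "Review" even though `$dir` came from `$_GET` one line earlier, because the marker is not on the sink line. That is exactly the gap the "document each sink" and "rank by what reaches it" steps are meant to close by tracing sources to sinks by hand; a line-level grep finds candidates, it does not finish the triage.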
When reviewing identified sinks, consider:
For comprehensive function lists by language, consult:
- references/php-sinks.md - PHP dangerous functions with grep patterns
- references/java-sinks.md - Java dangerous functions with grep patterns
- references/python-sinks.md - Python dangerous functions with grep patterns
- references/javascript-sinks.md - JavaScript/Node.js dangerous functions
- references/dotnet-sinks.md - .NET/C# dangerous functions
- references/go-ruby-sinks.md - Go and Ruby dangerous functions
- references/rust-sinks.md - Rust dangerous functions (unsafe, FFI, etc.)
- references/kotlin-sinks.md - Kotlin/Android dangerous functions (preview -- not in supported language list)
- references/swift-sinks.md - Swift/iOS dangerous functions (preview -- not in supported language list)
- references/solidity-sinks.md - Solidity smart contract sinks (reentrancy, access control, flash loans)