Security vulnerability patterns and detection rules
Analyzes code for security vulnerabilities and suggests secure alternatives following OWASP best practices.
/plugin marketplace add l3ocho/mktpl-claude-datasaas
/plugin install code-sentinel@mktpl-claude-datasaas
This skill inherits all available tools. When active, it can use any tool Claude has access to.
# VULNERABLE
query = f"SELECT * FROM users WHERE id = {user_id}"
query = "SELECT * FROM users WHERE id = " + user_id
# SAFE
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
User.objects.filter(id=user_id)
# VULNERABLE
os.system(f"convert {filename} output.png")
subprocess.run(cmd, shell=True)
# SAFE
subprocess.run(["convert", filename, "output.png"], shell=False)
shlex.quote(filename)
# VULNERABLE
eval(user_input)
exec(user_code)
# SAFE
ast.literal_eval(user_input) # Only for literals
# Use sandboxed execution environment
// VULNERABLE
element.innerHTML = userContent;
dangerouslySetInnerHTML={{__html: userData}}
// SAFE
element.textContent = userContent;
DOMPurify.sanitize(userContent)
# VULNERABLE
API_KEY = "sk-1234567890abcdef"
password = "admin123"
# SAFE
API_KEY = os.environ.get("API_KEY")
password = get_secret("db_password")
# VULNERABLE
data = pickle.loads(user_data)
config = yaml.load(file) # yaml.load without Loader
# SAFE
data = json.loads(user_data)
config = yaml.safe_load(file)
# WARNING
try:
    risky_operation()
except:
    pass
# BETTER
try:
    risky_operation()
except SpecificError as e:
    logger.error(f"Operation failed: {e}")
    raise
# WARNING
response = requests.get(url)
# BETTER
response = requests.get(url, timeout=30)
# WARNING
file_path = os.path.join(base_dir, user_filename)
# BETTER
base_dir = os.path.abspath(base_dir)
file_path = os.path.abspath(os.path.join(base_dir, os.path.basename(user_filename)))
# Compare absolute paths; the trailing separator stops a sibling such as base_dir + "_old" from matching
if not file_path.startswith(base_dir + os.sep):
    raise ValueError("Invalid path")
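The path check above is the one rule with a real edge case: a prefix test on a non-normalised path misses `..` segments, absolute user paths, and symlinks that point outside the base directory. The following is an added example, not code from the code-sentinel skill, showing a containment check built on `os.path.realpath` that allows subdirectories (unlike the `basename()` approach, which flattens them) and rejects each of those escapes; the directory layout and the input list are constructed for the demonstration.

```python
import os
import tempfile


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir and refuse anything that lands outside it.

    realpath() normalises '..' segments and follows symlinks, so a link inside
    base_dir that points elsewhere is rejected as well.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # Trailing separator: "/srv/uploads_old" must not pass as being under "/srv/uploads".
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def classify_examples() -> dict:
    """Run a constructed set of inputs against a temporary layout; True means accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")
        os.makedirs(os.path.join(base, "sub"))
        outside = os.path.join(tmp, "outside.txt")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(base, "link"))  # symlink pointing out of base

        inputs = [
            "a.png",                   # plain file name: accepted
            "sub/b.png",               # subdirectory: accepted
            "../outside.txt",          # parent traversal: rejected
            "sub/../../outside.txt",   # traversal hidden behind a valid subdir: rejected
            "link",                    # symlink resolving outside base: rejected
            "/outside-absolute.txt",   # absolute path discards base in os.path.join: rejected
        ]
        results = {}
        for p in inputs:
            try:
                safe_join(base, p)
                results[p] = True
            except ValueError:
                results[p] = False
        return results


if __name__ == "__main__":
    for path, accepted in classify_examples().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {path}")
```

Note that `realpath` is evaluated at check time; if the filesystem can change between the check and the later open, the open itself should also use the resolved path rather than re-joining the user input.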
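The Python rules listed above (dynamic SQL in `execute`, `os.system` and `shell=True`, `eval`/`exec`, `pickle`, `yaml.load` without a `Loader`, `requests.get` without `timeout`, a bare `except: pass`, and string-literal secrets) can be expressed as checks over the module AST rather than as regexes. The scanner below is an added example and not the skill's own implementation; the rule names, message text, the `SECRET_MARKERS` heuristic and the sample source it scans are all constructed for this illustration, and the sample deliberately mixes each vulnerable pattern with its safe counterpart so only the vulnerable lines should be reported.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass

# Heuristic: an ALL-CAPS name containing one of these, assigned a string literal, looks like a hardcoded secret.
SECRET_MARKERS = ("KEY", "SECRET", "PASSWORD", "TOKEN")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _callee(node: ast.Call) -> str:
    """Dotted name of the called function, e.g. 'os.system', 'cursor.execute', 'eval'."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _keyword(node: ast.Call, name: str):
    """Value node of keyword argument `name`, or None when it is absent."""
    return next((kw.value for kw in node.keywords if kw.arg == name), None)


def _check_call(node: ast.Call) -> list[Finding]:
    name = _callee(node)
    first = node.args[0] if node.args else None
    out = []
    # SQL text assembled by an f-string (JoinedStr) or an operator such as '+' or '%' (BinOp).
    if name.endswith(".execute") and isinstance(first, (ast.JoinedStr, ast.BinOp)):
        out.append(Finding("sql-injection", node.lineno, "query built by string formatting; bind parameters instead"))
    shell = _keyword(node, "shell")
    if name == "os.system" or (name.startswith("subprocess.") and isinstance(shell, ast.Constant) and shell.value is True):
        out.append(Finding("command-injection", node.lineno, "command run through a shell; pass an argv list with shell=False"))
    if name in ("eval", "exec"):
        out.append(Finding("code-execution", node.lineno, "dynamic code execution; use ast.literal_eval or a sandbox"))
    if name in ("pickle.load", "pickle.loads"):
        out.append(Finding("insecure-deserialization", node.lineno, "pickle of untrusted data; prefer json"))
    if name == "yaml.load" and _keyword(node, "Loader") is None:
        out.append(Finding("unsafe-yaml-load", node.lineno, "yaml.load without Loader; use yaml.safe_load"))
    if name in ("requests.get", "requests.post") and _keyword(node, "timeout") is None:
        out.append(Finding("missing-timeout", node.lineno, "HTTP request without a timeout"))
    return out


def scan_source(source: str) -> list[Finding]:
    """Walk the module AST once and collect rule matches, ordered by line."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            findings.extend(_check_call(node))
        elif (isinstance(node, ast.ExceptHandler) and node.type is None
              and len(node.body) == 1 and isinstance(node.body[0], ast.Pass)):
            findings.append(Finding("bare-except-pass", node.lineno, "bare except that swallows every error"))
        elif (isinstance(node, ast.Assign) and len(node.targets) == 1
              and isinstance(node.targets[0], ast.Name)
              and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)
              and any(m in node.targets[0].id.upper() for m in SECRET_MARKERS)):
            findings.append(Finding("hardcoded-secret", node.lineno, "secret assigned as a string literal; read it from the environment or a secret store"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: each vulnerable pattern sits next to its safe form.
SAMPLE_SOURCE = '''\
import os, pickle, subprocess, yaml, requests
API_KEY = "sk-example-constructed"
def handler(cursor, user_id, filename, user_data, url):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    os.system(f"convert {filename} output.png")
    subprocess.run(["convert", filename, "output.png"], shell=False)
    data = pickle.loads(user_data)
    config = yaml.safe_load(open("app.yml"))
    legacy = yaml.load(open("app.yml"))
    response = requests.get(url)
    try:
        risky_operation()
    except:
        pass
'''


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line:>3}  {f.rule:<26} {f.message}")
```

Because the checks run on the AST, they are not fooled by line breaks or comments, but they only see literal call shapes: a query assembled into a variable and then passed to `execute`, or `yaml.load` reached through an alias, would need data-flow tracking that this single-pass walk does not attempt.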