Skill

integrity-failures

Checks for software and data integrity failures like unsafe deserialization (pickle, YAML load), unverified updates, tampered CI/CD artifacts in Python, Java, Ruby, PHP, .NET code.

Python

Java

npx claudepluginhub thejefflarson/soundcheck --plugin soundcheck

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Protects against arbitrary code execution and tampered artifacts. Deserializing

SKILL.md

Similar Skills

insecure-deserialization-checker

2.0k

Validates insecure deserialization operations with step-by-step guidance, best practices, code generation, and validation for security fundamentals.

4 tools

jeremylongshore-claude-code-plugins-plus-skills

vuln-patterns-deserialization

Audits Python code for CWE-502 deserialization vulnerabilities in pickle, yaml.load, torch.load, joblib.load, shelve, marshal, custom JSON hooks, and zmq.recv_pyobj.

1 file

vuln-skills

check-deserialization

Analyzes PHP code for insecure deserialization vulnerabilities including unserialize with user input, missing allowed_classes, object injection, gadget chains, and Phar metadata triggers.

acc

Stats

Stars13

Forks0

Last CommitApr 18, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Software and Data Integrity Failures Security Check (A08:2025)

What this checks

Protects against arbitrary code execution and tampered artifacts. Deserializing untrusted data with pickle or unsafe YAML loaders gives attackers remote code execution; unsigned software updates allow supply-chain compromise.

Vulnerable patterns

pickle.loads(request.body) — executes arbitrary code embedded in pickled payload
yaml.load(user_input) — unsafe loader; runs Python constructors in YAML
data = json.loads(body); eval(data["expr"]) — deserializing into executable eval
urllib.request.urlretrieve(update_url, "update.bin") — no signature verification
Trusting __reduce__ or __wakeup output from user-controlled serialized blobs
JSON/YAML deserialized and returned to callers with no field-level schema check

Fix immediately

Flag the vulnerable code and explain the risk. Then suggest a fix that establishes these properties:

No code-executing deserializer touches untrusted input. Replace pickle, marshal, shelve, Java ObjectInputStream, Ruby Marshal.load, PHP unserialize, .NET BinaryFormatter, and unsafe yaml.load with a data-only format: JSON, yaml.safe_load, protobuf, CBOR without tags.
Every deserialized object from untrusted input is validated against an explicit schema — field names, types, allowed values — before any field is read by business logic. Applies to JSON, YAML, XML, form bodies, message-queue payloads, binary bincode/msgpack; format doesn't matter.
Artifacts are signature- or digest-verified before trust. Software updates, plugin loads, CI-artifact downloads: check a cryptographic signature against a trusted public key, or a digest against a pinned hash, before executing or loading.
Keys and pinned hashes come from outside the source tree — environment variable, secrets manager, OS keystore, or a build-time constant baked into the binary. A value received as a function parameter with no visible origin does not demonstrate this.

Anchor — shape, not implementation:

data = json_load(untrusted_bytes)          # never pickle/marshal/yaml.load
validate(data, schema=EXPLICIT_SCHEMA)     # reject unknown fields and bad types
use(data)                                  # safe only after validation

Verification

Confirm these properties hold for every relevant pattern present:

No code-executing deserializer (pickle, marshal, shelve, ObjectInputStream.readObject, Marshal.load, unserialize, BinaryFormatter, unsafe yaml.load) receives attacker-reachable bytes. Safe formats (JSON, yaml.safe_load, protobuf) may accept untrusted input if the next criterion is met.
Every deserialized object produced from untrusted input is validated against an explicit schema — field names, types, allowed values — before any field reaches business logic
For every software-update, plugin-load, or CI-artifact download, the artifact's signature or digest is verified before it is executed, loaded, or written to a trusted path
Verification keys and pinned hashes are read from an environment variable, secrets manager, OS keystore, or build-time constant — not hardcoded literals in source, and not opaque function parameters

References

CWE-502 (Deserialization of Untrusted Data)
CWE-345 (Insufficient Verification of Data Authenticity)
OWASP A08:2025 – Software and Data Integrity Failures