From soundcheck
Detects file operations with user-controlled paths vulnerable to directory traversal, absolute path injection, or symlink escapes. Use when writing code that opens, reads, writes, or deletes files using paths from user input.
Slash command: `/soundcheck:path-traversal`
Protects against directory traversal attacks where an attacker uses `../` sequences,
absolute paths, or symlinks to access files outside the intended directory. Exploitation
leads to reading sensitive files (/etc/passwd, .env, private keys), overwriting
configuration, or achieving remote code execution via file write.
`..` segments but do not verify the final path stays under the intended root, and many treat an absolute caller-supplied path as overriding the base.
Flag the vulnerable code and explain the risk. Then suggest a fix that establishes these properties. Translate each property into the audited file's language and filesystem API: use that platform's documented canonicalization and symlink-resolution call.
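The failure modes named above, shown in Python as an added example that is not part of the skill or the soundcheck project: a join-and-normalize helper beside a version that canonicalizes with `os.path.realpath` and then checks containment. The function names, directory names and inputs are hypothetical and constructed for the demonstration.

```python
import os
import tempfile


def naive_resolve(root, user_path):
    """Vulnerable pattern: collapses '..' but never checks containment."""
    # os.path.join discards root entirely when user_path is absolute.
    return os.path.normpath(os.path.join(root, user_path))


def safe_resolve(root, user_path):
    """Return the canonical path if it stays under root, else raise ValueError."""
    real_root = os.path.realpath(root)
    # realpath collapses '..' and follows symlinks in existing components.
    candidate = os.path.realpath(os.path.join(real_root, user_path))
    # commonpath compares whole components, so /srv/data-old is not taken
    # to be inside /srv/data the way a startswith() prefix test would.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def demo():
    """Run constructed inputs through both functions and return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")    # constructed serving root
        outside = os.path.join(tmp, "secret")  # constructed out-of-root dir
        os.makedirs(root)
        os.makedirs(outside)
        open(os.path.join(root, "ok.txt"), "w").close()
        os.symlink(outside, os.path.join(root, "link"))  # escape via symlink
        cases = {"plain": "ok.txt", "dotdot": "../secret/key",
                 "absolute": outside, "symlink": "link/key"}
        for label, user_path in cases.items():
            naive = naive_resolve(root, user_path)
            # Does the naive result even look contained as a string?
            looks_inside = os.path.commonpath([root, naive]) == root
            try:
                safe_resolve(root, user_path)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[label] = (looks_inside, verdict)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The symlink case passes a purely textual containment test and is caught only after canonicalization. Open the canonical path that `safe_resolve` returns rather than the caller's original string.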
`..` segments but do not verify containment.
npx claudepluginhub thejefflarson/soundcheck --plugin soundcheck
Blocks path traversal attacks by canonicalizing and validating filesystem paths constructed from user input. Applies when building file upload, download, or serving features.
Detects path traversal and Zip Slip vulnerabilities in JS/TS/Python/Go where user-controlled paths escape directories. Audit file uploads, archive extractions, static servers.
Detects path traversal vulnerabilities in PHP code including directory traversal, LFI/RFI, file uploads, symlink attacks, zip slip, and null byte injection.