Which vulnerabilities does this skill detect?

The skill detects a wide range of issues including SQLi, Command Injection, NoSQLi, CSRF, Path Traversal, Unsafe Deserialization, and Prototype Pollution.

What is the Tampering skill in Claude Code?

It is a specialized security capability designed to find code patterns that allow attackers to modify data, code, or configurations, mapping specifically to the Integrity property of the STRIDE threat model.

How does the skill handle different programming languages?

It uses heuristic patterns and grep-based analysis that apply to most languages, with specific logic for frameworks like Python (Jinja2, Pickle) and JavaScript (Prototype Pollution, Express).

Does it provide automated fixes for security issues?

Yes, when possible, the skill outputs findings with concrete remediation steps and diff-based fixes that can be applied to secure the code.

Data Integrity & Tampering Analysis

Name: Data Integrity & Tampering Analysis
Author: florianbuetow

byflorianbuetow

•

セキュリティとテスト

Identifies security vulnerabilities related to unauthorized data modification and injection attacks using the STRIDE threat model.

The Tampering skill is a specialized security analysis tool for Claude Code that maps to the 'T' (Tampering) category of the STRIDE threat model. It systematically scans codebases—focusing on database query builders, API handlers, and configuration loaders—to detect critical integrity risks such as SQL injection, OS command injection, unsafe deserialization, and cross-site request forgery (CSRF). By tracing user input through function calls and middleware, it provides developers with actionable findings, severity ratings, and concrete remediation steps to ensure application data remains uncorrupted and secure.

主な機能

01Scans for unsafe deserialization and prototype pollution risks in JavaScript environments

02Maps findings to industry-standard CWE IDs and STRIDE categories for professional auditing

03Detects multiple injection types including SQL, NoSQL, Command, and Template injection

04Validates integrity checks for file uploads, downloads, and inter-service messaging

05Identifies parameter tampering and mass assignment vulnerabilities in API endpoints

066 GitHub stars

ユースケース

01Automating security audits of database-driven applications to prevent injection attacks

02Hardening supply chain integrity by checking configuration loaders and package manifests

03Reviewing API request handlers for missing CSRF protection and unvalidated input

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code tampering

For use in Claude.ai and ChatGPT

Download Skill