Can it prevent SQL injection in Perl scripts?

Yes, it enforces the use of DBI placeholders and parameterized queries, providing examples for both standard DBI and DBIx::Class ORM to prevent string interpolation vulnerabilities.

How do I audit my existing Perl code for security flaws?

The skill includes a pre-configured perlcritic security theme and specific policies that can be run against your codebase to identify high-severity risks like two-arg open and string eval.

Does it support modern Perl web frameworks?

Yes, it includes best practices and security header configurations for popular frameworks like Mojolicious, Dancer2, and Catalyst.

How does this skill help with Perl's Taint Mode?

It provides specific patterns for enabling the -T flag, sanitizing the %ENV hash, and using regular expression captures to untaint data safely before use in sensitive operations.

What is the 'list form' of system calls mentioned?

Using the list form (passing multiple arguments) for system() or exec() prevents Perl from invoking a shell, which eliminates the risk of shell metacharacter injection.

Perl Security & Hardening

Name: Perl Security & Hardening
Author: affaan-m

byaffaan-m

•

156,033

•

セキュリティとテスト

Secures Perl applications by enforcing taint mode, preventing injections, and implementing robust input validation patterns.

The Perl Security skill provides a comprehensive framework for hardening Perl applications against common vulnerabilities. It offers domain-specific guidance on enabling Taint Mode (-T), implementing secure DBI parameterized queries, and preventing command injection through safe process execution. By integrating perlcritic security policies and best practices for web security (XSS, CSRF, SQLi), this skill ensures that Perl code—whether in legacy CGI scripts or modern frameworks like Mojolicious—is written with a defense-in-depth mindset.

主な機能

01Taint mode activation and sanitization patterns for external data

02Web vulnerability mitigation for XSS, CSRF, and session security

03Safe process execution using list-form system/exec and IPC::Run3

04156,033 GitHub stars

05Security-focused perlcritic configuration for automated code auditing

06Secure DBI parameterized queries and dynamic column allowlisting

ユースケース

01Hardening legacy Perl CGI or web scripts against modern injection attacks

02Implementing secure database access layers using DBI or DBIx::Class

03Automating security reviews and identifying ReDoS vulnerabilities in regex

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add affaan-m/everything-claude-code perl-security

For use in Claude.ai and ChatGPT

主な機能

01Taint mode activation and sanitization patterns for external data

02Web vulnerability mitigation for XSS, CSRF, and session security

03Safe process execution using list-form system/exec and IPC::Run3

04156,033 GitHub stars

05Security-focused perlcritic configuration for automated code auditing

06Secure DBI parameterized queries and dynamic column allowlisting

ユースケース

01Hardening legacy Perl CGI or web scripts against modern injection attacks

02Implementing secure database access layers using DBI or DBIx::Class

03Automating security reviews and identifying ReDoS vulnerabilities in regex

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add affaan-m/everything-claude-code perl-security

For use in Claude.ai and ChatGPT