How does it handle log injection?

It identifies instances where user-controlled input is concatenated directly into log messages instead of using structured context, which could allow attackers to forge log entries.

Can this skill detect passwords in logs?

Yes, it scans for patterns where sensitive variables like passwords, tokens, secrets, or credit card numbers are passed into logger methods, helping prevent PCI-DSS and GDPR violations.

Does it support PSR-3 standards?

Yes, the skill includes checks for log level discipline to ensure developers are using correct PSR-3 levels like CRITICAL, WARNING, and INFO appropriately.

What is OWASP A09:2021?

OWASP A09:2021 refers to Security Logging and Monitoring Failures, a critical vulnerability category where systems fail to record, monitor, or alert on security-relevant events, making breaches harder to detect.

PHP Security Logging Auditor

Name: PHP Security Logging Auditor
Author: dykyi-roman

bydykyi-roman

•

セキュリティとテスト

Audits PHP applications for OWASP A09:2021 compliance by detecting log injection, PII exposure, and insufficient monitoring.

This skill empowers Claude to identify critical security logging and monitoring failures within PHP codebases, specifically targeting OWASP A09:2021 vulnerabilities. It scans for dangerous patterns such as unescaped user input in logs (Log Injection), sensitive data like passwords or credit card numbers being logged, and silent exception swallowing that masks system failures. By providing clear severity ratings and remediation guidance, it helps developers build more resilient and observable applications that meet modern security and compliance standards like PCI-DSS and GDPR.

主な機能

0145 GitHub stars

02Detects Log Injection and CRLF injection vulnerabilities in PHP code

03Locates silent exception swallowing and inadequate error context

04Flags missing audit trails for critical security and authentication events

05Ensures adherence to PSR-3 log level standards and best practices

06Identifies PII and sensitive data leakage (passwords, CCs) in log files

ユースケース

01Automating code reviews to block accidental logging of sensitive user data

02Performing security audits for OWASP A09:2021 compliance

03Refactoring legacy PHP error handling to prevent silent failures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-logging-failures

For use in Claude.ai and ChatGPT

Download Skill