Can it detect SQL injection in stored procedures?

Yes, provided the SQL definition files or database exports containing the stored procedure logic are available within the accessible directory for analysis.

How does the skill identify a vulnerability?

It scans for patterns where user-controlled input is directly concatenated, interpolated, or formatted into SQL strings instead of using safe parameterized queries or prepared statements.

Is the output compatible with other security tools?

Yes, in addition to human-readable Markdown reports, it can generate SARIF format files for GitHub Security scanning and JSON for vulnerability management systems.

Does it automatically fix the vulnerable code?

The skill provides precise secure code replacements and remediation steps in its report, which Claude can then use to help you apply the fixes to your source files.

Which programming languages does this skill support?

The skill supports most major languages and frameworks including Python, JavaScript/Node.js, Java, PHP, and Ruby, along with their respective ORMs and database drivers.

SQL Injection Security Detector

Name: SQL Injection Security Detector
Author: BbgnsurfTech

byBbgnsurfTech

•

セキュリティとテスト

Scans application source code to identify, analyze, and remediate SQL injection vulnerabilities in database queries.

概要

This skill empowers Claude to perform automated security audits of your codebase, specifically targeting SQL injection (SQLi) risks. It systematically discovers database interaction patterns—including direct SQL queries and ORM usage—across various frameworks like Django, Rails, and Express. By analyzing query construction for dangerous patterns like string concatenation or unvalidated input, it provides detailed vulnerability reports with severity classifications, exploit examples, and secure code replacements to help developers harden their applications against injection attacks.

主な機能

Comprehensive security reports with CWE-89 mapping and CVSS severity ratings
3 GitHub stars
Framework-aware analysis for ORMs including SQLAlchemy, Hibernate, and ActiveRecord
Multi-format output support including Markdown, SARIF, and JSON
Practical remediation guidance with language-specific secure code snippets
Automated scanning for vulnerable SQL concatenation and formatting patterns

ユースケース

Validating that new feature code adheres to secure parameterized query patterns
Pre-deployment security audits to catch SQLi vulnerabilities during CI/CD
Reviewing legacy codebases for hidden database security risks and technical debt

概要

主な機能

Comprehensive security reports with CWE-89 mapping and CVSS severity ratings
3 GitHub stars
Framework-aware analysis for ORMs including SQLAlchemy, Hibernate, and ActiveRecord
Multi-format output support including Markdown, SARIF, and JSON
Practical remediation guidance with language-specific secure code snippets
Automated scanning for vulnerable SQL concatenation and formatting patterns

ユースケース

Validating that new feature code adheres to secure parameterized query patterns
Pre-deployment security audits to catch SQLi vulnerabilities during CI/CD
Reviewing legacy codebases for hidden database security risks and technical debt