Does this skill support modern PHP frameworks like Laravel or Symfony?

Yes, it recognizes framework-specific patterns like Laravel FormRequests and Symfony Validation constraints, and can distinguish between validated and unvalidated inputs.

Can it help with file upload security?

Absolutely. It checks for common mistakes like relying solely on file extensions or spoofable MIME types, suggesting more secure content-based validation methods.

What kind of regex vulnerabilities can it detect?

The skill identifies missing anchors (start/end), case-sensitivity issues, and overly permissive patterns that allow attackers to bypass validation logic.

How does it handle internal method calls?

It includes false-positive logic that recognizes when data has already been validated by Value Objects or entry-point controllers, reducing noise in internal service audits.

PHP Input Validation Security Check

Name: PHP Input Validation Security Check
Author: dykyi-roman

bydykyi-roman

•

보안 및 테스팅

Audits PHP code for input validation vulnerabilities and security gaps to prevent injection attacks and data corruption.

This skill enables Claude to perform automated security audits on PHP applications by identifying common input validation flaws. It scans for critical issues such as unvalidated request data, weak regular expressions, type coercion vulnerabilities (type juggling), and insecure file upload handling. By mapping findings to CWE-20 standards and providing standardized reports with severity levels and remediation code, it helps developers harden their PHP architecture and maintain secure, production-grade codebases.

주요 기능

01Provides actionable fix examples and CWE-20 classification for every finding

02Identifies missing validation in controllers, command handlers, and superglobals

0345 GitHub stars

04Flags type coercion attacks and loose comparison vulnerabilities in PHP

05Detects exploitable regex patterns such as missing anchors or permissive dots

06Validates file upload logic including MIME type and content consistency

사용 사례

01Conducting security audits on legacy PHP codebases to identify hidden vulnerabilities

02Reviewing new PRs to ensure all user input is properly filtered and type-checked

03Hardening API endpoints against malicious payloads and type juggling exploits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-input-validation

For use in Claude.ai and ChatGPT

Download Skill