From find-cve-agent
Detects SQL injection where user input reaches query construction via string concatenation, template literals, or ORM raw methods in JS/TS, Python, Go, Ruby, PHP. For auditing database apps.
How this skill is triggered (by the user, by Claude, or both):
Slash command: /find-cve-agent:sqli
The summary Claude sees in its skill listing, used to decide when to auto-load this skill:
Audit database-backed applications, ORM wrappers, query builders, and any code that constructs SQL queries from user input.
# JavaScript
grep -rn "query(\|execute(\|\.raw(\|\.rawQuery(" .
grep -rn "knex\.raw\|sequelize\.query\|prisma\.\$queryRaw" .
# Python
grep -rn "cursor\.execute\|execute(\|executemany(" .
grep -rn "\.raw(\|RawSQL\|text(" .
grep -rn "f\".*SELECT\|f\".*INSERT\|f\".*UPDATE\|f\".*DELETE" .
# Go
grep -rn "db\.Query\|db\.Exec\|db\.QueryRow\|tx\.Query" .
grep -rn "fmt\.Sprintf.*SELECT\|fmt\.Sprintf.*INSERT" .
# Ruby
grep -rn "find_by_sql\|execute\|select_all\|where.*#{" .
# PHP
grep -rn "query(\|prepare(\|exec(\|mysql_query\|mysqli_query" .
# Template literals in SQL
grep -rn "query.*\`.*\${" . --include="*.js" --include="*.ts"
# String concatenation in SQL
grep -rn "SELECT.*+\|INSERT.*+\|UPDATE.*+\|DELETE.*+" .
# Python f-strings in SQL
grep -rn 'f".*SELECT\|f".*INSERT\|f".*UPDATE\|f".*DELETE' .
# Format strings in SQL
grep -rn "\.format(.*SELECT\|\.format(.*INSERT" .
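The grep commands above are the triage step; the following is an added example (not part of the find-cve-agent skill) that turns the same pattern categories into a small JavaScript scanner and runs it over constructed sample source lines. The regexes are my own approximations of the grep patterns, the sample lines and file names are made up, and the placeholder check (`?`, `$1`, `%s`, `:name`) is a heuristic for "the driver binds this value" that is only consulted when no unsafe construction was found on the line.

```javascript
// Added example, not code from find-cve-agent. Each PATTERNS entry mirrors one
// grep category from the skill: SQL text built from user input via template
// literals, concatenation, f-strings, format calls, Sprintf, Ruby
// interpolation, or an ORM escape hatch that accepts raw SQL.
const PATTERNS = [
  // JS/TS template literal with ${...} inside a query call
  { id: 'js-template-literal', re: /query[^\n]*`[^`]*\$\{/ },
  // SQL keyword followed by + on the same line (JS, Python, Go concatenation)
  { id: 'sql-string-concat', re: /\b(SELECT|INSERT|UPDATE|DELETE)\b[^\n]*\+/ },
  // PHP concatenation of a SQL string with a variable using .
  { id: 'php-string-concat', re: /\b(SELECT|INSERT|UPDATE|DELETE)\b[^\n]*["']\s*\.\s*\$/ },
  // Python f-string that contains SQL
  { id: 'py-fstring-sql', re: /\bf["'][^"']*\b(SELECT|INSERT|UPDATE|DELETE)\b/ },
  // Python str.format applied to a SQL string
  { id: 'py-format-sql', re: /\b(SELECT|INSERT|UPDATE|DELETE)\b[^\n]*["']\.format\(/ },
  // Go fmt.Sprintf building SQL text
  { id: 'go-sprintf-sql', re: /fmt\.Sprintf\([^)]*\b(SELECT|INSERT|UPDATE|DELETE)\b/ },
  // Ruby #{...} interpolation inside an ActiveRecord clause
  { id: 'ruby-interpolation', re: /\b(where|find_by_sql|select_all)\b[^\n]*#\{/ },
  // ORM raw-SQL entry points that bypass the query builder's escaping
  { id: 'orm-raw-sink', re: /knex\.raw\(|sequelize\.query\(|prisma\.\$queryRaw|\.raw\(|RawSQL\(|find_by_sql\(/ },
];

// Placeholder styles that suggest the driver binds the value separately.
const PLACEHOLDER = /\?|\$\d+|%s|:\w+/;

// Constructed sample source lines (file names and code are invented).
const SAMPLE_LINES = [
  { file: 'app.js', line: 12, code: 'db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);' },
  { file: 'app.js', line: 20, code: "db.query('SELECT * FROM users WHERE id = ?', [req.params.id]);" },
  { file: 'views.py', line: 40, code: 'cursor.execute(f"SELECT * FROM users WHERE name = \'{name}\'")' },
  { file: 'repo.go', line: 33, code: 'q := fmt.Sprintf("SELECT * FROM users WHERE email = \'%s\'", email)' },
  { file: 'user.rb', line: 8, code: 'User.where("name = \'#{params[:name]}\'")' },
  { file: 'legacy.php', line: 5, code: '$r = mysqli_query($c, "SELECT * FROM t WHERE id = " . $_GET[\'id\']);' },
  { file: 'report.js', line: 9, code: "knex.raw('SELECT * FROM t WHERE id = ' + id)" },
  { file: 'views.py', line: 55, code: 'cursor.execute("SELECT * FROM users WHERE id = {}".format(uid))' },
];

// Classify each line: 'unsafe' when any construction pattern fires,
// 'parameterized' when only placeholders are present, else 'no-finding'.
function scan(samples) {
  return samples.map(({ file, line, code }) => {
    const findings = PATTERNS.filter((p) => p.re.test(code)).map((p) => p.id);
    let status;
    if (findings.length > 0) status = 'unsafe';
    else if (PLACEHOLDER.test(code)) status = 'parameterized';
    else status = 'no-finding';
    return { file, line, status, findings };
  });
}

function unsafeCount(results) {
  return results.filter((r) => r.status === 'unsafe').length;
}

console.log(JSON.stringify(scan(SAMPLE_LINES), null, 2));
```

Every hit still needs manual review: a flagged line whose interpolated value comes from a constant is a false positive, and the placeholder heuristic only says the call is likely bound, not that every dynamic part of the statement is.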
Parameterized queries are SAFE:
// SAFE: parameterized
db.query('SELECT * FROM users WHERE id = ?', [userId]);
// UNSAFE: string concatenation
db.query('SELECT * FROM users WHERE id = ' + userId);
ORMs are generally safe, but .raw() / .query() methods often bypass protections:
// SAFE: ORM query builder
User.findOne({ where: { id: userId } });
// UNSAFE: raw query with interpolation
sequelize.query(`SELECT * FROM users WHERE id = ${userId}`);
Some SQL elements CANNOT be parameterized:
If user input reaches these, it is SQLi even with prepared statements.
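As an added example (not code from find-cve-agent), here is one query built the way the safe snippets above describe, extended to the parts a prepared statement cannot bind: a column name in ORDER BY and the sort keyword are taken from a fixed allow-list, a LIKE pattern has its wildcards escaped before binding, and an IN list gets one placeholder per element. The `$1`-style placeholder syntax, the `users` table, and the column names are assumptions for illustration.

```javascript
// Added example, not code from find-cve-agent. Values go through placeholders;
// identifiers and keywords come only from allow-lists (assumed column names).
const SORTABLE_COLUMNS = new Map([
  ['name', 'display_name'],
  ['created', 'created_at'],
]);
const SORT_DIRECTIONS = new Set(['ASC', 'DESC']);

// Escape LIKE metacharacters so a user-supplied % or _ is matched literally.
function escapeLike(s) {
  return s.replace(/[\\%_]/g, (ch) => '\\' + ch);
}

// Returns { text, values } for a driver that binds $1, $2, ... (assumed style).
function buildUserSearch({ nameContains, ids, sortBy = 'created', sortDir = 'asc', limit = 50 }) {
  const values = [];
  const where = [];
  // bind() appends a value and returns the placeholder that refers to it.
  const bind = (v) => { values.push(v); return `$${values.length}`; };

  if (typeof nameContains === 'string' && nameContains.length > 0) {
    where.push(`display_name LIKE ${bind('%' + escapeLike(nameContains) + '%')} ESCAPE '\\'`);
  }
  if (Array.isArray(ids) && ids.length > 0) {
    // One placeholder per element; the list itself never enters the SQL text.
    const slots = ids.map((id) => {
      if (!Number.isInteger(id)) throw new TypeError('ids must be integers');
      return bind(id);
    });
    where.push(`id IN (${slots.join(', ')})`);
  }

  // Identifier and keyword: allow-list lookup, never the raw input.
  const column = SORTABLE_COLUMNS.get(sortBy);
  if (!column) throw new RangeError(`unsupported sort column: ${sortBy}`);
  const dir = String(sortDir).toUpperCase();
  if (!SORT_DIRECTIONS.has(dir)) throw new RangeError(`unsupported sort direction: ${sortDir}`);

  // LIMIT is a value, so it is range-checked and then bound like any other.
  const n = Number(limit);
  if (!Number.isInteger(n) || n < 1 || n > 500) throw new RangeError('limit must be 1..500');

  const text =
    'SELECT id, display_name, created_at FROM users' +
    (where.length ? ` WHERE ${where.join(' AND ')}` : '') +
    ` ORDER BY ${column} ${dir} LIMIT ${bind(n)}`;
  return { text, values };
}

console.log(buildUserSearch({ nameContains: '50%_off', ids: [3, 7], sortBy: 'name', sortDir: 'desc', limit: 10 }));
```

The design point is that the SQL text is fully determined by the allow-lists and the shape of the request, never by the content of a request value, so the audit question for each dynamic part is simply "bound, or looked up?".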
Install: npx claudepluginhub byamb4/find-cve-agent
Detects SQL injection vulnerabilities by tracing user inputs through code to database queries, flagging unsafe patterns like concatenation and unparameterized ORMs. Scans frameworks including Django, Rails, Express, Go.
Prevents SQL injection by enforcing parameterized queries and ORM usage over string concatenation. Useful when constructing database queries from user input, API params, or external data.
Analyzes PHP code for SQL injection vulnerabilities including query concatenation, variable interpolation, dynamic identifiers, ORM misuse (Doctrine, Eloquent/Laravel), raw queries, and LIKE/IN issues.