Downloads: 52
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install missing-input-validation
Description
External input flows into sensitive operations without being checked for type, shape, range, or sanitization.
Usage Guidance
This skill is safe and simply provides best-practice guidance on input validation. It doesn't install code or request secrets. Before acting on its advice, avoid copying sensitive input values into logs or error messages (the SKILL.md suggests including unexpected values for debugging, which can leak secrets). Use strong schema validators (Zod, Pydantic, etc.) and prefer parameterized APIs rather than string concatenation. If you plan to apply the guidance automatically (e.g., via code-generation), review resulting code to ensure it doesn't accidentally echo or store sensitive inputs.
Capability Analysis
Type: OpenClaw Skill
Name: missing-input-validation
Version: 1.0.0
The skill bundle is purely educational, providing documentation and best practices for identifying and fixing 'missing input validation' vulnerabilities. It contains no executable code or malicious instructions in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md guidance. The skill requests no binaries, env vars, installs, or file access — appropriate for a documentation/teaching skill.
Instruction Scope
SKILL.md contains high-level developer guidance on validating external inputs and avoiding injection; it does not instruct the agent to read files, access credentials, or contact external endpoints. One recommendation—to include unexpected values in error messages to aid debugging—could inadvertently encourage logging sensitive inputs; treat that advice carefully.
Install Mechanism
No install spec and no code files — lowest-risk, nothing is written to disk or executed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths; this is proportional for a purely instructional skill.
Persistence & Privilege
always is false and model invocation is allowed (default). As an instruction-only skill this presents no additional privilege beyond normal agent behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install missing-input-validation
- After installation, invoke the skill by name or use /missing-input-validation
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of missing-input-validation skill
- Documents risks of not validating external input in software.
- Lists common symptoms where input validation is missing.
- Provides concrete advice for validation and safe handling at trust boundaries.
- Recommends schema validators and safe APIs for handling external data.
- Emphasizes that all external data—including third-party APIs—should be validated.
Frequently Asked Questions
What is Missing Input Validation?
External input flows into sensitive operations without being checked for type, shape, range, or sanitization. It is an AI Agent Skill for Claude Code / OpenClaw, with 52 downloads so far.
How do I install Missing Input Validation?
Run "/install missing-input-validation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Missing Input Validation free?
Yes, Missing Input Validation is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Missing Input Validation support?
Missing Input Validation is cross-platform and runs anywhere OpenClaw / Claude Code is available (macOS, Linux, Windows).
Who created Missing Input Validation?
It is built and maintained by mvogt99 (@mvogt99); the current version is v1.0.0.