Missing Input Validation

Author: mvogt99 · GitHub ↗ · v1.0.0 · MIT-0
macos, linux, windows ✓ Security check passed
Total downloads: 52
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install missing-input-validation
Description
External input flows into sensitive operations without being checked for type, shape, range, or sanitization.
Safe usage advice
This skill is safe and simply provides best-practice guidance on input validation. It doesn't install code or request secrets. Before acting on its advice, avoid copying sensitive input values into logs or error messages (the SKILL.md suggests including unexpected values for debugging, which can leak secrets). Use strong schema validators (Zod, Pydantic, etc.) and prefer parameterized APIs rather than string concatenation. If you plan to apply the guidance automatically (e.g., via code-generation), review resulting code to ensure it doesn't accidentally echo or store sensitive inputs.
Functional analysis
Type: OpenClaw Skill · Name: missing-input-validation · Version: 1.0.0
The skill bundle is purely educational, providing documentation and best practices for identifying and fixing 'missing input validation' vulnerabilities. It contains no executable code or malicious instructions in SKILL.md or _meta.json.
Capability assessment
Purpose & Capability
Name and description match the SKILL.md guidance. The skill requests no binaries, env vars, installs, or file access — appropriate for a documentation/teaching skill.
Instruction Scope
SKILL.md contains high-level developer guidance on validating external inputs and avoiding injection; it does not instruct the agent to read files, access credentials, or contact external endpoints. One recommendation—to include unexpected values in error messages to aid debugging—could inadvertently encourage logging sensitive inputs; treat that advice carefully.
Install Mechanism
No install spec and no code files — lowest-risk, nothing is written to disk or executed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths; this is proportional for a purely instructional skill.
Persistence & Privilege
always is false and model invocation is allowed (default). As an instruction-only skill this presents no additional privilege beyond normal agent behavior.
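How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install missing-input-validation
  3. Once installed, call the Skill by name or trigger it with /missing-input-validation
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history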
v1.0.0
Initial release of missing-input-validation skill
  - Documents risks of not validating external input in software.
  - Lists common symptoms where input validation is missing.
  - Provides concrete advice for validation and safe handling at trust boundaries.
  - Recommends schema validators and safe APIs for handling external data.
  - Emphasizes that all external data, including third-party APIs, should be validated.
Metadata
Slug missing-input-validation
Version 1.0.0
License MIT-0
Total installs 1
Current installs 1
Number of versions 1
FAQ

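What is Missing Input Validation?

External input flows into sensitive operations without being checked for type, shape, range, or sanitization. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 52 total downloads to date.

How do I install Missing Input Validation?

Run the command "/install missing-input-validation" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Missing Input Validation free?

Yes, Missing Input Validation is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Missing Input Validation support?

Missing Input Validation is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (macos, linux, windows).

Who developed Missing Input Validation?

Developed and maintained by mvogt99 (@mvogt99); the current version is v1.0.0.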
