Php Sql Fixer

Detect SQL injection risks in PHP/Yaf projects and generate parameterized query fix patches. Scans for string concatenation in SQL, unsafe superglobal interp...

This package mostly contains a reasonable SQL-scanner for PHP/Yaf, but it appears incomplete and somewhat sloppy. Before installing or running it: 1) Do not run anything as root or against production code — test on a cloned repo. 2) Verify the missing file: look for scripts/suggest_fix.php (referenced in SKILL.md); if absent, ask the publisher or obtain the helper before relying on automatic fixes. 3) Remove or update the hard-coded docker-compose path in the docs — it references the author's machine and will fail on your machine. 4) Inspect scripts/scan_sql.sh yourself (it uses grep) — it performs only local file scanning and prints a report; there are no network calls in the included files. 5) If you plan to apply fixes, review each suggested change manually and run php -l and your test suite in a safe environment. If the missing helper is supplied later, re-run a security review on that file before use.

Type: OpenClaw Skill Name: php-sql-fixer Version: 1.0.0 The skill bundle is a legitimate security auditing tool designed to identify and suggest fixes for SQL injection vulnerabilities in PHP projects, specifically those using the Yaf framework. The 'scan_sql.sh' script uses grep to find common unsafe patterns like string concatenation and superglobal interpolation in SQL queries, while 'SKILL.md' and 'references/fix-patterns.md' provide clear instructions and documentation for an AI agent to triage and remediate these risks. Although the bundle contains a highly specific hardcoded path for a Docker configuration (/mnt/d/Users/Public/php20250819/docker-php7.3/docker-compose.yml), this appears to be an environment-specific setting for syntax verification rather than a malicious indicator. No evidence of data exfiltration, unauthorized execution, or prompt injection was found.