Poor input validation leads to security vulnerabilities like SQL injection and XSS attacks. This skill guides Claude Code to implement server-side validation with allowlists, type checking, and proper sanitization.
Baixar o ZIP da skill
Upload no Claude
Vá em Configurações → Capacidades → Skills → Upload skill
Ative e comece a usar
Testar
A utilizar "global-validation". Create validation for a user profile update endpoint with email and phone number
Resultado esperado:
I will implement server-side validation for the profile update endpoint using your validation library. The schema will include email format validation using RFC 5322 standard, phone number format validation with international support, allowlist-based field validation to prevent unexpected fields, and specific error messages for each validation failure. I will also add type checking to ensure email is string and properly sanitized against XSS.
A utilizar "global-validation". Add validation for a search query parameter
Resultado esperado:
I will add allowlist-based validation for the search query parameter. The validation will check maximum length of 200 characters, sanitize against SQL injection using parameterized queries, trim whitespace, validate allowed characters using regex pattern, and return a specific error message if validation fails. This prevents injection attacks while allowing legitimate search queries.
Auditoria de Segurança
SeguroThis skill contains only documentation and guidance for implementing validation patterns. All 19 static findings are false positives triggered by documentation text containing keywords like validation, input, and command. No executable code, network operations, or file system access present. Safe for publication.
Pontuação de qualidade
O Que Você Pode Construir
API Input Validation
Backend engineers implementing REST or GraphQL APIs need to validate user input to prevent injection attacks and ensure data integrity. This skill guides proper validation schema implementation.
Form Request Validation
Full-stack developers creating web forms need to implement both client-side and server-side validation. This skill ensures server-side validation is never skipped and follows security best practices.
Business Rule Enforcement
Application developers implementing domain logic need to validate business rules like sufficient account balance or valid date ranges. This skill guides consistent validation across all entry points.
Tente Estes Prompts
Create a validation schema for a user registration form with email, password, and username fields
Implement server-side validation for a POST endpoint that creates orders with product ID, quantity, and shipping address
Add validation for a file upload endpoint that only accepts PDF and PNG files under 5MB with proper sanitization
Implement validation for a payment transaction that checks account balance, validates amount format, ensures positive value, and confirms payee exists
Melhores Práticas
- Always implement server-side validation even when client-side validation exists, as client-side validation can be bypassed
- Use allowlist validation that defines what is allowed rather than blocklists that try to block malicious patterns
- Provide specific and actionable error messages that help users correct their input without revealing system internals
Evitar
- Relying only on client-side validation without server-side verification, which allows attackers to bypass validation entirely
- Using blocklists to filter malicious input instead of allowlists, which can be circumvented with encoding or edge cases
- Implementing validation inconsistently across different entry points like web forms, APIs, and background jobs