php-expr-audit
CommunityAudit PHP apps for expression injection risks.
Software Engineering#security#php#static-analysis#code-review#security-audit#eval#expression-injection
Author0xShe
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill analyzes PHP source code to identify user-controlled expressions that reach expression engines or PHP dynamic execution points, enabling potential code execution or secret logic manipulation.
Core Features & Use Cases
- Detects expression evaluation or compilation entry points such as ExpressionLanguage->evaluate({value}) and ExpressionLanguage->compile({value}) as well as PHP runtime execution via eval($code) and assert($assertion) when user input can influence code.
- Identifies sources of user-controlled input that feed into expression strings and checks for unsafe concatenation or over-permissive evaluation contexts.
- Provides structured reports with severity ratings, PoC guidance, and remediation recommendations for common PHP expression injection patterns in code reviews or CI pipelines.
Quick Start
Run the PHP expression-audit scanner against your codebase to locate and report all expression-evaluation entry points.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: php-expr-audit Download link: https://github.com/0xShe/PHP-Code-Audit-Skill/archive/main.zip#php-expr-audit Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.