sc-cmdi
Community
Detect OS command injection across languages.
Software Engineering #static-analysis #code-analysis #command-injection #subprocess #security-analysis #os-command
Author: ersinkoc
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
OS command injection occurs when user-supplied input is passed to shell commands, subprocess calls, or process spawning without proper sanitization. This Skill detects such vulnerabilities across multiple language environments by tracing dangerous patterns from input sources to execution sinks and distinguishing between full command injection and argument injection.
Core Features & Use Cases
- Multi-language pattern detection for Python, JavaScript/Node.js, Go, PHP, Java, C#, and Ruby.
- Data-flow tracing from user input sources to command execution sinks to differentiate full command injection from argument injection.
- Severity classification and actionable findings to guide remediation.
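The distinction between full command injection and argument injection can be shown with a small classifier over Python's standard-library sinks. This is an added example, not code from the sc-cmdi Skill; it assumes any non-literal value is attacker-influenced (a simplification of real source-to-sink tracing), and the names `classify`, `scan` and `SAMPLE` are hypothetical.

```python
import ast

# Constructed sample input (not taken from any real project).
SAMPLE = '''
import subprocess, os
def handler(host, path):
    subprocess.run("ping -c 1 " + host, shell=True)
    os.system(f"ls {path}")
    subprocess.run(["tar", "-xf", path])
    subprocess.run(["tar", "-xf", "--", path])
    subprocess.run(["uptime"])
'''

SHELL_SINKS = {"os.system", "os.popen"}          # always go through a shell
EXEC_SINKS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
              "subprocess.check_call", "subprocess.check_output"}

def is_literal(node):
    return isinstance(node, ast.Constant)

def classify(call):
    """Return a finding kind for one ast.Call node, or None if it looks safe."""
    name = ast.unparse(call.func)
    if not call.args or name not in SHELL_SINKS | EXEC_SINKS:
        return None
    first = call.args[0]
    shell = name in SHELL_SINKS or any(
        kw.arg == "shell" and is_literal(kw.value) and kw.value.value is True
        for kw in call.keywords)
    if shell:  # a shell parses the whole string: metacharacters are live
        return None if is_literal(first) else "command-injection"
    if not isinstance(first, (ast.List, ast.Tuple)):
        return None if is_literal(first) else "needs-review"
    elts = first.elts
    if elts and not is_literal(elts[0]):
        return "command-injection"  # the program name itself is dynamic
    for i, elt in enumerate(elts[1:], 1):
        if not is_literal(elt):
            # No shell, but the value may still be parsed as an option
            # unless a literal "--" (end-of-options marker) precedes it.
            guarded = any(is_literal(p) and p.value == "--" for p in elts[1:i])
            return None if guarded else "argument-injection"
    return None

def scan(source):
    """Return sorted (line, kind) findings for every call in the source."""
    calls = (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call))
    return sorted((c.lineno, k) for c in calls if (k := classify(c)))

if __name__ == "__main__":
    for line, kind in scan(SAMPLE):
        print(f"line {line}: {kind}")
```

The `--` check is a heuristic: many command-line tools honor it as the end of options, but not all do, so a guarded call still deserves a look at the target program's argument parsing.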
Quick Start
Run sc-cmdi against your codebase to identify and classify OS command injection risks in shell and subprocess calls.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sc-cmdi Download link: https://github.com/ersinkoc/security-check/archive/main.zip#sc-cmdi Please download this .zip file, extract it, and install it in the .claude/skills/ directory.