sc-ssti
Community
Detect SSTI across major template engines.
Software Engineering
#code-analysis #vulnerability-detection #web-application #security-testing #ssti #template-engines #server-side-template-injection
Author: ersinkoc
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Server-Side Template Injection (SSTI) vulnerabilities occur when user input becomes part of template code, enabling attackers to execute code or access sensitive data. This Skill helps identify and verify such vulnerabilities across multiple template engines to reduce risk in web applications.
Core Features & Use Cases
- Cross-engine SSTI detection across Python (Jinja2), PHP (Twig/Freemarker), Java (Velocity/Thymeleaf), Ruby (ERB), Go templates, and Node templates.
- Phase-based discovery and verification to differentiate safe data usage from unsafe template code and to provide concrete remediation guidance.
- Use Case: Scan a codebase containing templates and rendering logic to surface instances where user input is interpolated into template strings.
Quick Start
Scan your project for SSTI vulnerabilities across supported template engines with the detector.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sc-ssti Download link: https://github.com/ersinkoc/security-check/archive/main.zip#sc-ssti Please download this .zip file, extract it, and install it in the .claude/skills/ directory.