Installation

Open Claude Code and run this command:

/plugin install sql-injection-detector@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

Comprehensive SQL injection vulnerability detection with pattern matching, context analysis, and exploit verification.

Features

Multi-Database Support - MySQL, PostgreSQL, SQL Server, Oracle, SQLite
Context-Aware Analysis - Understand query context and structure
ORM Detection - Identify unsafe ORM usage
Blind SQLi Detection - Time-based and boolean-based
Exploitation Verification - Safe proof-of-concept testing
Remediation Guidance - Parameterized query examples

Skills (1)

detecting-sql-injection-vulnerabilities SKILL.md View full skill →

Detect and analyze SQL injection vulnerabilities in application code and database queries.

ReadWriteEditGrepGlobBash(code-scan:*)Bash(security-test:*)

Detecting SQL Injection Vulnerabilities

Overview

Scan application source code for SQL injection vulnerabilities (CWE-89, OWASP A03:2021) by tracing user input from entry points through data flows into database query construction. Detect string concatenation, format string interpolation, and inadequate parameterization across raw SQL, ORM raw query methods, stored procedure calls, and dynamic query builders.

Prerequisites

Application source code accessible in ${CLAUDESKILLDIR}/
Database query files, ORM models, and repository/DAO layers available
Framework and language identified (Django, Rails, Express, Spring, Laravel, ASP.NET, Go, etc.)
Database type known (MySQL, PostgreSQL, SQLite, MSSQL, Oracle) for syntax-specific detection
Write permissions for reports in ${CLAUDESKILLDIR}/security-reports/

Instructions

Discover database interaction code: search for SQL keywords (SELECT, INSERT, UPDATE, DELETE, EXEC) and ORM raw query methods (raw(), execute(), createNativeQuery(), $wpdb->query()) across all source files.
Identify input surfaces: map all user-controllable data entry points -- HTTP parameters, request bodies, URL path segments, headers, cookies, file uploads, and WebSocket messages.
Trace data flows: follow each input surface through the code to determine whether user data reaches a SQL query. Flag any path where input is not passed through parameterized query binding.
Detect vulnerable patterns:

String concatenation: "SELECT * FROM users WHERE id=" + userId
f-string/format interpolation: Python f-strings embedding variables directly into SQL strings
Template literals: ` SELECT * FROM users WHERE id=${req.params.id} `
ORM raw queries without bindings: Model.objects.raw("SELECT * FROM t WHERE x='" + val + "'")

Classify each finding: assign CVSS 3.1 score, identify attack type (classic injection, blind boolean/time-based, UNION-based exfiltration, second-order/stored injection), and document exploitability (authentication required, network access).
Assess impact per finding: determine data exposure scope (authentication bypass, data exfiltration, data modification, OS command execution via xpcmdshell or LOADFILE()).
Generate remediation code: provide parameterized equivalents for each vulnerable query. Use framework-idiomatic patterns -- %s placeholders for Python DB-API, ? for Node.js, $1 for PostgreSQL, named parameters for Sp

How It Works


/detect-sqli
/sqli

sql-injection-detector

Installation

What It Does

Features

Skills (1)

Detecting SQL Injection Vulnerabilities

Overview

Prerequisites

Instructions

How It Works

Ready to use sql-injection-detector?

Related Plugins

sql-injection-detector

Installation

What It Does

Features

Skills (1)

Detecting SQL Injection Vulnerabilities

Overview

Prerequisites

Instructions

How It Works

Ready to use sql-injection-detector?

Related Plugins

access-control-auditor

authentication-validator

compliance-report-generator

cors-policy-validator

csrf-protection-validator

data-privacy-scanner