Run any Skill in Manus with one click

$pwd:

detecting-command-injection-patterns

Name: Detecting Command Injection Patterns
Author: jeremylongshore

// Scan a source tree for command-injection vulnerable patterns: shell=True calls in Python subprocess, os.system / os.popen with interpolated strings, Node child_process.exec with template literals, Ruby backticks / Kernel#system / Kernel#exec with interpolation, Go exec.Command with shell wrapping, PHP system / passthru / shell_exec / backticks with $-interpolation, Java Runtime.exec with concatenated args. Use when: pre-commit gate on code that calls out to shell utilities, audit of file-processing / archive-handling / image-conversion code, post-bug-report investigation for "we shell out to a tool." Threshold: any shell-invocation API called with a string that contains a variable interpolation, OR shell=True with anything other than a fixed literal. Trigger with: "scan command injection", "shell=True audit", "find exec calls", "check os.system".

Run Skill in Manus

$ git log --oneline --stat

stars:2,267

forks:315

updated:May 31, 2026 at 04:18

File Explorer

4 files

SKILL.md

readonly

name	detecting-command-injection-patterns
description	Scan a source tree for command-injection vulnerable patterns: shell=True calls in Python subprocess, os.system / os.popen with interpolated strings, Node child_process.exec with template literals, Ruby backticks / Kernel#system / Kernel#exec with interpolation, Go exec.Command with shell wrapping, PHP system / passthru / shell_exec / backticks with $-interpolation, Java Runtime.exec with concatenated args. Use when: pre-commit gate on code that calls out to shell utilities, audit of file-processing / archive-handling / image-conversion code, post-bug-report investigation for "we shell out to a tool." Threshold: any shell-invocation API called with a string that contains a variable interpolation, OR shell=True with anything other than a fixed literal. Trigger with: "scan command injection", "shell=True audit", "find exec calls", "check os.system".
allowed-tools	["Read","Bash(python3:*)","Glob","Grep"]
disallowed-tools	["Bash(rm:)","Bash(curl:)"]
version	3.0.0-dev
author	Jeremy Longshore <jeremy@intentsolutions.io>
license	MIT
compatibility	Designed for Claude Code
tags	["security","static-analysis","command-injection","pentest"]

Detecting Command Injection Patterns

Overview

Command injection (CWE-78, OWASP A03:2021) shows up wherever an application shells out to a binary. Image conversion (convert), archive extraction (tar, unzip), video processing (ffmpeg), DNS lookup (dig), and "we just need to call this CLI tool once" are the common origins.

The vulnerability shape is universal: a string is built including user input, then handed to a shell interpreter. The shell parses the string with normal shell semantics — including ;, |, &, $(), backticks. Any of those in the user-controlled portion becomes shell-executable.

When the skill produces findings

Finding	Severity	Threshold	Affected control
Python `subprocess.run(..., shell=True)` with interpolation	CRITICAL	f-string / concat / format argument with `shell=True`	CWE-78
Python `os.system(...)` with interpolation	CRITICAL	non-literal argument	CWE-78
Python `os.popen(...)` with interpolation	CRITICAL	non-literal argument	CWE-78
Node `child_process.exec(...)` with template literal	CRITICAL	`${...}` in the command string	CWE-78
Node `child_process.execSync(...)` with template	CRITICAL	same	CWE-78
Ruby backticks with interpolation	CRITICAL	`cmd #{var}`	CWE-78
Ruby `Kernel#system(string)` with interpolation	CRITICAL	`system("cmd #{var}")`	CWE-78
Go `exec.Command("sh", "-c", ...)` with interpolation	HIGH	shell wrapper with var	CWE-78
PHP `system / exec / passthru / shell_exec` with $-interp	CRITICAL	`system("cmd $var")`	CWE-78
Java `Runtime.exec(String)` with concat	HIGH	single-string form (vs array) with var	CWE-78

Prerequisites

Python 3.9+
Target source tree on local filesystem

Instructions

Step 1 — Run the scanner

python3 ${CLAUDE_PLUGIN_ROOT}/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py /path/to/repo

Options:

Usage: scan_cmdi.py PATH [OPTIONS]

Options:
  --output FILE      Write findings to FILE
  --format FMT       json | jsonl | markdown (default: markdown)
  --min-severity SEV (default: info)
  --include-tests    Include test directories (default: excluded)
  --languages LIST   Comma-separated subset to scan

Step 2 — Interpret findings

CRITICAL = direct user-input → shell construction. Fix immediately.

HIGH = pattern where the shell layer exists but user-input reachability needs verification.

Step 3 — Remediation

The universal fix: pass arguments as a list (array), not a single string. Most APIs have a list form that bypasses shell entirely.

See references/PLAYBOOK.md for per-language patterns.

Examples

Example 1 — Pre-commit on a media-processing service

python3 ${CLAUDE_PLUGIN_ROOT}/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py \
    --min-severity high $(git diff --name-only main...HEAD | tr '\n' ' ')

Example 2 — CI gate

- name: Command-injection scan
  run: |
    python3 plugins/security/penetration-tester/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py \
        . --min-severity high

Output

JSON / JSONL / Markdown. Exit codes: 0 clean, 1 high/critical, 2 error.

Error Handling

False positives common in build scripts that interpolate fixed build constants. Verify each finding by reading whether the interpolated value is user-reachable.

Resources

references/THEORY.md — Why shell=True is the default footgun, per-language shell-out idioms, argument-vector vs command-string semantics
references/PLAYBOOK.md — Per-language safe-shellout patterns (Python subprocess list-args, Node spawn, Ruby Open3.capture3, Go exec.Command list-args, Java ProcessBuilder, PHP escapeshellarg)

related-skills.json

same repository

detecting-eval-exec-usage.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Scan a source tree for dynamic-code-execution APIs that an attacker can hijack: Python eval / exec / compile, JavaScript eval / Function() / setTimeout(string), Ruby eval / instance_eval / class_eval, Java ScriptEngine, PHP eval / assert($str), .NET Activator.CreateInstance / Reflection.Emit with dynamic input. Use when: pre-commit gate on any application that parses user-uploaded code (rule engines, formula evaluators, plugin systems), or post-bug-report when "we run user-supplied expressions." Threshold: any call to eval / exec / Function / similar where the argument is not a string literal. Trigger with: "scan eval", "find dynamic exec", "audit eval calls", "code injection patterns".

2026-05-312.3k

detecting-insecure-deserialization.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Scan a source tree for unsafe-by-default deserialization APIs: Python pickle.loads / cPickle / shelve / dill, Ruby Marshal.load / YAML.load (pre-3.1 default), Java ObjectInputStream.readObject, PHP unserialize, .NET BinaryFormatter / NetDataContractSerializer, Node.js node-serialize, JavaScript JSON.parse with reviver containing eval. Use when: pre-commit gate on services that accept binary blobs, audit of legacy job-queue code (workers deserializing tasks), post-bug-report when "we accept user-uploaded archives." Threshold: any call to a known-unsafe deserialization API on data that originates from user input, network, file upload, or untrusted storage. Trigger with: "scan deserialization", "pickle audit", "java readObject scan", "yaml.load check".

2026-05-312.3k

detecting-sql-injection-patterns.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Scan a source tree for SQL-injection vulnerable patterns: string concatenation into queries, f-string interpolation in SQL, string-format substitution into raw queries, deprecated cursor methods (cursor.execute with % formatting), Knex / Sequelize raw() with template interpolation, sequelize.query with replacements. Use when: pre-commit code review, post-feature SQL-touching release, inheriting a legacy codebase that predates ORMs, or post-bug-report investigation. Threshold: any source line where SQL keywords (SELECT / INSERT / UPDATE / DELETE / FROM / WHERE) appear in a string that's being built via concatenation, f-string, %-format, or .format() with variable input. Trigger with: "scan for sqli", "sql injection patterns", "check raw queries", "audit cursor.execute".

2026-05-312.3k

detecting-weak-cryptography.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Scan a source tree for weak cryptographic primitives: MD5 / SHA-1 used for security purposes, DES / 3DES / RC4 ciphers, ECB block mode, custom-built crypto (XOR loops, hand-rolled HMAC), hardcoded IVs, predictable random (Math.random / java.util.Random for crypto seeds), missing certificate verification (verify=False, rejectUnauthorized: false). Use when: pre-merge gate on crypto-touching code, audit before SOC2 / PCI assessment, post-incident review when "we found a weakness in our token signing." Threshold: any call to a known-weak algorithm with non-test context, OR cert verification explicitly disabled, OR a custom crypto loop pattern. Trigger with: "scan weak crypto", "find MD5 usage", "check ECB mode", "audit ssl verify", "weak random".

2026-05-312.3k

scanning-for-hardcoded-secrets.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Scan a source-code tree for hardcoded credentials embedded in source files: AWS access keys, GitHub tokens, Stripe keys, Slack tokens, Anthropic API keys, OpenAI keys, JWT signing secrets, generic base64-encoded passwords, RSA / SSH private keys, and high-entropy string literals that pattern-match common credential shapes. Use when: pre-commit gate before pushing a feature branch, audit before SOC2, post-incident scan after a leak, or inheriting a codebase you didn't write. Threshold: any source file contains a string that matches a canonical credential regex (AWS AKIA prefix, GitHub ghp_ prefix, etc.) OR a string with Shannon entropy above 4.5 in a field context (key=, token:, secret=). Trigger with: "scan secrets", "credential scan", "find hardcoded keys", "leak check".

2026-05-312.3k

detecting-directory-listing.md

from "jeremylongshore/claude-code-plugins-plus-skills"

Probe a target for directories that return auto-generated index listings instead of denying or serving a specific file — exposes the full file tree under any reachable directory, including files the application never linked to. Use when: post-deploy verification on a static-asset host, security audit before SOC2, or following up on a finding from skill #6 (exposed-files) where a backup-file path returned 200 with HTML body instead of the expected file content (suggests autoindex serving a directory listing). Threshold: any directory-shaped path returns 200 with HTML body matching the framework-specific autoindex fingerprint (nginx fancyindex, Apache mod_autoindex Index of/, Caddy browse, Lighttpd mod_dirlisting, etc.). Trigger with: "directory listing check", "autoindex detection", "open directory scan".

2026-05-312.3k

package.json

"author": "jeremylongshore"

"repository": "jeremylongshore/claude-code-plugins-plus-skills"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	detecting-command-injection-patterns
description	Scan a source tree for command-injection vulnerable patterns: shell=True calls in Python subprocess, os.system / os.popen with interpolated strings, Node child_process.exec with template literals, Ruby backticks / Kernel#system / Kernel#exec with interpolation, Go exec.Command with shell wrapping, PHP system / passthru / shell_exec / backticks with $-interpolation, Java Runtime.exec with concatenated args. Use when: pre-commit gate on code that calls out to shell utilities, audit of file-processing / archive-handling / image-conversion code, post-bug-report investigation for "we shell out to a tool." Threshold: any shell-invocation API called with a string that contains a variable interpolation, OR shell=True with anything other than a fixed literal. Trigger with: "scan command injection", "shell=True audit", "find exec calls", "check os.system".
allowed-tools	["Read","Bash(python3:*)","Glob","Grep"]
disallowed-tools	["Bash(rm:)","Bash(curl:)"]
version	3.0.0-dev
author	Jeremy Longshore <jeremy@intentsolutions.io>
license	MIT
compatibility	Designed for Claude Code
tags	["security","static-analysis","command-injection","pentest"]

Detecting Command Injection Patterns

Overview

When the skill produces findings

Finding	Severity	Threshold	Affected control
Python `subprocess.run(..., shell=True)` with interpolation	CRITICAL	f-string / concat / format argument with `shell=True`	CWE-78
Python `os.system(...)` with interpolation	CRITICAL	non-literal argument	CWE-78
Python `os.popen(...)` with interpolation	CRITICAL	non-literal argument	CWE-78
Node `child_process.exec(...)` with template literal	CRITICAL	`${...}` in the command string	CWE-78
Node `child_process.execSync(...)` with template	CRITICAL	same	CWE-78
Ruby backticks with interpolation	CRITICAL	`cmd #{var}`	CWE-78
Ruby `Kernel#system(string)` with interpolation	CRITICAL	`system("cmd #{var}")`	CWE-78
Go `exec.Command("sh", "-c", ...)` with interpolation	HIGH	shell wrapper with var	CWE-78
PHP `system / exec / passthru / shell_exec` with $-interp	CRITICAL	`system("cmd $var")`	CWE-78
Java `Runtime.exec(String)` with concat	HIGH	single-string form (vs array) with var	CWE-78

Prerequisites

Python 3.9+
Target source tree on local filesystem

Instructions

Step 1 — Run the scanner

python3 ${CLAUDE_PLUGIN_ROOT}/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py /path/to/repo

Options:

Usage: scan_cmdi.py PATH [OPTIONS]

Options:
  --output FILE      Write findings to FILE
  --format FMT       json | jsonl | markdown (default: markdown)
  --min-severity SEV (default: info)
  --include-tests    Include test directories (default: excluded)
  --languages LIST   Comma-separated subset to scan

Step 2 — Interpret findings

CRITICAL = direct user-input → shell construction. Fix immediately.

HIGH = pattern where the shell layer exists but user-input reachability needs verification.

Step 3 — Remediation

The universal fix: pass arguments as a list (array), not a single string. Most APIs have a list form that bypasses shell entirely.

See references/PLAYBOOK.md for per-language patterns.

Examples

Example 1 — Pre-commit on a media-processing service

python3 ${CLAUDE_PLUGIN_ROOT}/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py \
    --min-severity high $(git diff --name-only main...HEAD | tr '\n' ' ')

Example 2 — CI gate

- name: Command-injection scan
  run: |
    python3 plugins/security/penetration-tester/skills/detecting-command-injection-patterns/scripts/scan_cmdi.py \
        . --min-severity high

Output

JSON / JSONL / Markdown. Exit codes: 0 clean, 1 high/critical, 2 error.

Error Handling

False positives common in build scripts that interpolate fixed build constants. Verify each finding by reading whether the interpolated value is user-reachable.

Resources

references/THEORY.md — Why shell=True is the default footgun, per-language shell-out idioms, argument-vector vs command-string semantics
references/PLAYBOOK.md — Per-language safe-shellout patterns (Python subprocess list-args, Node spawn, Ruby Open3.capture3, Go exec.Command list-args, Java ProcessBuilder, PHP escapeshellarg)

detecting-command-injection-patterns

Detecting Command Injection Patterns

Overview

When the skill produces findings

Prerequisites

Instructions

Step 1 — Run the scanner

Step 2 — Interpret findings

Step 3 — Remediation

Examples

Example 1 — Pre-commit on a media-processing service

Example 2 — CI gate

Output

Error Handling

Resources

More from this repository

More from this repository

Detecting Command Injection Patterns

Overview

When the skill produces findings

Prerequisites

Instructions

Step 1 — Run the scanner

Step 2 — Interpret findings

Step 3 — Remediation

Examples

Example 1 — Pre-commit on a media-processing service

Example 2 — CI gate

Output

Error Handling

Resources