sast-sqli

Detects SQL injection vulnerabilities in codebases using a structured three-phase approach for enhanced security assessments.

Security score: 24/100

The sast-sqli skill was audited on Jun 13, 2026 and we found 8 security issues across 2 threat categories, including 4 high-severity. Review the findings below before installing.

Security Issues

Each finding lists the severity assigned by the scanner, the flagged line of SKILL.md, the finding title, and the flagged source line as it appears in SKILL.md.

medium, SKILL.md line 84: Template literal with variable interpolation in command context
    await prisma.$queryRaw`SELECT * FROM users WHERE id = ${userId}`

medium, SKILL.md line 159: Template literal with variable interpolation in command context
    const [rows] = await db.query(`SELECT * FROM users WHERE id = ${id}`);

medium, SKILL.md line 177: Template literal with variable interpolation in command context
    const result = await pool.query(`SELECT * FROM orders WHERE status = '${status}'`);

high, SKILL.md line 319: Template literal with variable interpolation in command context
    > - `` db.query(`SELECT * WHERE id = ${var}`) ``

high, SKILL.md line 331: Template literal with variable interpolation in command context
    > - Sequelize: `` sequelize.query(`...${var}...`) ``, `literal(var)`

high, SKILL.md line 332: Template literal with variable interpolation in command context
    > - TypeORM: `` createQueryBuilder().where(`col = '${var}'`) ``, `.query("..." + var)`

high, SKILL.md line 338: Template literal with variable interpolation in command context
    > - `` `SELECT * FROM ${tableVar}` ``

low, SKILL.md line 458: External URL reference
    > Example: sqlmap -u "https://app.example.com/search?q=test" -p q --dbs]
Scanned on Jun 13, 2026