Skills
.Work. You
Rest

vuln-patterns-deserialization

Community

Detect deserialization vulnerabilities.

Software Engineering#security#vulnerability#python#code audit#deserialization#cwe-502
Authoryhy0
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps identify and prevent deserialization vulnerabilities (CWE-502) in Python code, which can lead to arbitrary code execution.

Core Features & Use Cases

  • Source Identification: Detects untrusted data sources that could be used in deserialization attacks.
  • Sink Detection: Identifies dangerous deserialization functions like pickle.loads, yaml.load, torch.load, etc.
  • Sanitization Gap Analysis: Checks for missing or inadequate security measures like input validation or safe loading.
  • Use Case: When auditing a Python web application, load this Skill to automatically flag potential deserialization risks in API endpoints that accept serialized data.

Quick Start

Use the vuln-patterns-deserialization skill to audit the provided Python script for deserialization vulnerabilities.

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: vuln-patterns-deserialization
Download link: https://github.com/yhy0/ghsa-skill-builder/archive/main.zip#vuln-patterns-deserialization

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.