MetaClaw input-validation-and-sanitization
Use this skill when implementing any endpoint, form handler, CLI tool, or function that accepts external input. Validate and sanitize all untrusted data before processing — never assume input is safe.
install
source · Clone the upstream repo
git clone https://github.com/aiming-lab/MetaClaw
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiming-lab/MetaClaw "$T" && mkdir -p ~/.claude/skills && cp -r "$T/memory_data/skills/input-validation-and-sanitization" ~/.claude/skills/aiming-lab-metaclaw-input-validation-and-sanitization && rm -rf "$T"
manifest:
memory_data/skills/input-validation-and-sanitization/SKILL.md
source content
Input Validation and Sanitization
Validation principles:
- Validate at the system boundary (API layer, form handler) — not deep in business logic.
- Validate type, range, length, and format explicitly.
- Reject unexpected input by default (allowlist > denylist).
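A worked example of those three principles applied at the boundary, added here as an illustration and not code from the MetaClaw skill itself. The field names, limits and regex are assumptions chosen for the demo; the point is that every check is explicit (exact type, numeric range, length, format, allowlisted values) and that fields not in the schema are rejected rather than ignored.

```python
import re

# Allowlist schema for a hypothetical sign-up form (field names and limits are
# assumptions for this example, not part of the original skill).
RULES = {
    "username": {"type": str, "min_len": 3, "max_len": 32,
                 "pattern": re.compile(r"[A-Za-z0-9_]+")},
    "age":      {"type": int, "min": 13, "max": 120},
    "role":     {"type": str, "allowed": {"viewer", "editor"}},
}


def validate(payload: dict) -> list[str]:
    """Return a list of error strings; an empty list means the payload passed."""
    errors = []
    # Allowlist, not denylist: any key the schema does not name is an error.
    for key in sorted(payload.keys() - RULES.keys()):
        errors.append(f"{key}: unexpected field")
    for key, rule in RULES.items():
        if key not in payload:
            errors.append(f"{key}: missing")
            continue
        value = payload[key]
        # Exact type check: bool is a subclass of int, so isinstance() would let
        # True through as an age; type() is deliberately strict here.
        if type(value) is not rule["type"]:
            errors.append(f"{key}: expected {rule['type'].__name__}")
            continue
        if "min" in rule and not rule["min"] <= value <= rule["max"]:
            errors.append(f"{key}: out of range")
        if "min_len" in rule and not rule["min_len"] <= len(value) <= rule["max_len"]:
            errors.append(f"{key}: bad length")
        # fullmatch anchors the pattern at both ends, so no stray prefix/suffix slips by.
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            errors.append(f"{key}: bad format")
        if "allowed" in rule and value not in rule["allowed"]:
            errors.append(f"{key}: not an allowed value")
    return errors


if __name__ == "__main__":
    print(validate({"username": "alice_1", "age": 30, "role": "editor"}))
    print(validate({"username": "a", "age": "30", "role": "admin", "debug": True}))
```

Because the validator returns a list of errors rather than raising on the first one, the handler can reject the whole request with one response and the caller learns every problem at once; the business logic downstream never sees a payload that did not pass.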
SQL injection prevention: Always use parameterized queries or an ORM.
XSS prevention: Escape HTML output for the context it is inserted into (element body, attribute value); send a Content-Security-Policy header; avoid innerHTML with user data.
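An added example (not the skill's own code) of the output-escaping half of that advice, with a CSP header builder alongside it. It renders a comment unescaped and escaped so the difference on a script payload is visible, escapes an attribute value so a quote-breakout payload stays inert, and builds a nonce-based policy; the policy string and the nonce length are assumptions for the demo.

```python
import html
import secrets

# Constructed attacker inputs for the demo.
BODY_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'


def render_comment_unsafe(text: str) -> str:
    # BAD: raw user text lands in the markup, so the <script> tag is live.
    return f'<p class="comment">{text}</p>'


def render_comment(text: str) -> str:
    # GOOD: escape for the element-body context; < > & become entities.
    return f'<p class="comment">{html.escape(text)}</p>'


def render_title_attr(title: str) -> str:
    # Attribute context: quote=True (the default) also escapes " and ', so the
    # payload cannot close the attribute and start a new one.
    return f'<a href="/item" title="{html.escape(title, quote=True)}">item</a>'


def make_nonce() -> str:
    # A fresh, unguessable nonce per response; only scripts carrying it run.
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> tuple[str, str]:
    # Restrictive baseline: same-origin resources, nonce-gated scripts,
    # no plugins, no <base> hijacking.  Tighten or loosen per application.
    return (
        "Content-Security-Policy",
        f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'none'",
    )


if __name__ == "__main__":
    print(render_comment_unsafe(BODY_PAYLOAD))
    print(render_comment(BODY_PAYLOAD))
    print(render_title_attr(ATTR_PAYLOAD))
    print(csp_header(make_nonce()))
```

Escaping and CSP are complementary: escaping stops the injection from becoming markup, and the nonce policy means that even a missed escape cannot run inline script the server did not explicitly tag.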
Path traversal prevention: Resolve paths to canonical form and verify they are under the expected directory. Canonicalize the base directory as well, otherwise a symlinked base makes the prefix comparison fail or pass for the wrong reason, and use a real check rather than `assert`, which `python -O` strips.

```python
import os


def resolve_under(base: str, user_input: str) -> str:
    """Return the canonical path for user_input inside base, or raise ValueError."""
    # realpath() collapses "..", ".", and symlinks; the base must be canonical too.
    base = os.path.realpath(base)
    # If user_input is absolute, os.path.join discards base; the prefix check below
    # still catches that case because the result will not start with base.
    canonical = os.path.realpath(os.path.join(base, user_input))
    # The os.sep suffix stops "/allowed/dir2" from passing as a prefix of "/allowed/dir".
    if not canonical.startswith(base + os.sep):
        raise ValueError("path escapes the allowed directory")
    return canonical
```