Agent skill
input-validation-and-sanitization
Use this skill when implementing any endpoint, form handler, CLI tool, or function that accepts external input. Validate and sanitize all untrusted data before processing — never assume input is safe.
Install this agent skill to your Project
npx add-skill https://github.com/aiming-lab/MetaClaw/tree/main/memory_data/skills/input-validation-and-sanitization
SKILL.md
Input Validation and Sanitization
Validation principles:
- Validate at the system boundary (API layer, form handler) — not deep in business logic.
- Validate type, range, length, and format explicitly.
- Reject unexpected input by default (allowlist > denylist).
SQL injection prevention: Always use parameterized queries or an ORM.
XSS prevention: Escape HTML output; use Content-Security-Policy headers; avoid innerHTML with user data.
Path traversal prevention: Resolve paths to canonical form and verify they are under the expected directory.
```python
import os

# Canonicalize the base too: if '/allowed/dir' is itself a symlink, realpath of the
# joined path would never start with the un-resolved base and every request fails.
base = os.path.realpath('/allowed/dir')
canonical = os.path.realpath(os.path.join(base, user_input))
# Use an explicit check rather than assert: assert is stripped under `python -O`.
if not canonical.startswith(base + os.sep):
    raise ValueError('path escapes the allowed directory')
```
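A fuller version of that containment check, added here as an example rather than taken from the skill file: it canonicalizes the base as well as the joined path, rejects absolute input outright (which `os.path.join` would otherwise let replace the base), uses `os.path.commonpath` so a sibling directory sharing the prefix is not accepted, and `demo()` exercises it on a constructed temporary tree that includes a symlink pointing outside the base. `safe_join`, `is_contained` and `demo` are names chosen for this example.

```python
import os
import tempfile


def safe_join(base: str, user_path: str) -> str:
    """Return the canonical path of user_path inside base, or raise ValueError."""
    if os.path.isabs(user_path):
        # os.path.join discards base when the second argument is absolute; reject instead
        raise ValueError(f"absolute paths are not allowed: {user_path!r}")
    base_real = os.path.realpath(base)  # base may itself be a symlink
    # realpath resolves '..' segments and symlinks before the containment check
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # commonpath, not startswith: '/allowed/dir2/x' must not pass for '/allowed/dir'
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes allowed directory: {user_path!r}")
    return candidate


def is_contained(base: str, user_path: str) -> bool:
    """True if safe_join accepts user_path, False if it rejects it."""
    try:
        safe_join(base, user_path)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Run safe_join against a constructed directory tree (sample data, not real config)."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "allowed", "dir")
        os.makedirs(base)
        os.makedirs(os.path.join(root, "allowed", "dir2"))  # sibling sharing the prefix
        open(os.path.join(base, "report.txt"), "w").close()
        # a symlink inside base whose target lies outside it
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))
        return {
            "plain": is_contained(base, "report.txt"),
            "dotdot": is_contained(base, "../../etc/passwd"),
            "absolute": is_contained(base, "/etc/passwd"),
            "sibling_prefix": is_contained(base, "../dir2/file"),
            "symlink_out": is_contained(base, "link"),
        }


if __name__ == "__main__":
    print(demo())
```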