Dangerous Functions
This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox security review.
Best use case
Dangerous Functions is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox security review.
Teams using Dangerous Functions should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/dangerous-functions/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Dangerous Functions Compares
| Feature / Agent | Dangerous Functions | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox security review.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dangerous Functions Reference ## Purpose Provide comprehensive knowledge of security-sensitive functions (sinks) across programming languages for whitebox penetration testing. These functions are common targets during code review because improper use leads to critical vulnerabilities. ## When to Use Activate this skill during: - Code review phase of whitebox security review - Searching for potential vulnerability entry points - Building grep patterns for sink identification - Understanding language-specific security risks ## Core Concepts ### Sources vs Sinks **Sources**: Entry points where user input enters the application - HTTP parameters, headers, cookies - File uploads, database reads - Environment variables, command-line arguments **Sinks**: Functions where malicious input causes damage - Command execution, SQL queries - File operations, deserialization - Code evaluation, template rendering ### Risk Categories | Category | Impact | Common Languages | |----------|--------|------------------| | Command Injection | Remote Code Execution | All | | Code Injection | Remote Code Execution | PHP, Python, JS | | SQL Injection | Data breach | All with databases | | Deserialization | Remote Code Execution | Java, PHP, Python, .NET | | File Operations | LFI/RFI/Arbitrary Write | All | | SSRF | Internal network access | All | | Template Injection | Remote Code Execution | Python, Java, JS | | Reentrancy | Fund theft | Solidity | | Flash Loan Attacks | Price/state manipulation | Solidity | | Access Control | Privilege escalation | Solidity | ## Methodology ### Step 1: Identify Application Language Determine the primary language(s) used: - Check file extensions (.php, .java, .py, .js, .cs, .go, .rb) - Review package managers (composer.json, pom.xml, requirements.txt, package.json) - Check framework indicators ### Step 2: Load Language-Specific Reference Consult the appropriate reference file for comprehensive sink lists: - `references/php-sinks.md` for PHP applications - `references/java-sinks.md` for Java applications - `references/python-sinks.md` for Python applications - `references/javascript-sinks.md` for Node.js/JavaScript - `references/dotnet-sinks.md` for .NET/C# applications - `references/go-ruby-sinks.md` for Go and Ruby - `references/rust-sinks.md` for Rust applications - `references/kotlin-sinks.md` for Kotlin/Android applications *(preview -- not in supported language list)* - `references/swift-sinks.md` for Swift/iOS applications *(preview -- not in supported language list)* - `references/solidity-sinks.md` for Solidity smart contracts ### Step 3: Search for Sinks Use Grep tool to search for dangerous functions: - Search one category at a time (command, code, SQL, file, etc.) - Use case-insensitive search for better coverage - Include all relevant file extensions ### Step 4: Catalog Findings For each identified sink, document: - File path and line number - Function name and context - Input sources (if visible) - Initial risk assessment ### Step 5: Prioritize for Testing Rank findings using this framework: | Priority | Criteria | |----------|----------| | Critical | Direct user input reaches sink | | High | Database/file data (user-controlled) reaches sink | | Medium | Authenticated user input reaches sink | | Low | Admin-only input reaches sink | | Info | Hardcoded values only | ## Prioritization Framework When reviewing identified sinks, consider: 1. **Input Proximity**: How close is user input to the sink? 2. **Authentication**: Does exploitation require authentication? 3. **Privilege Level**: What access level is needed? 4. **Impact**: What can an attacker achieve? 5. **Exploitability**: Are there filters or sanitization? ## Additional Resources ### Reference Files For comprehensive function lists by language, consult: - **`references/php-sinks.md`** - PHP dangerous functions with grep patterns - **`references/java-sinks.md`** - Java dangerous functions with grep patterns - **`references/python-sinks.md`** - Python dangerous functions with grep patterns - **`references/javascript-sinks.md`** - JavaScript/Node.js dangerous functions - **`references/dotnet-sinks.md`** - .NET/C# dangerous functions - **`references/go-ruby-sinks.md`** - Go and Ruby dangerous functions - **`references/rust-sinks.md`** - Rust dangerous functions (unsafe, FFI, etc.) - **`references/kotlin-sinks.md`** - Kotlin/Android dangerous functions *(preview -- not in supported language list)* - **`references/swift-sinks.md`** - Swift/iOS dangerous functions *(preview -- not in supported language list)* - **`references/solidity-sinks.md`** - Solidity smart contract sinks (reentrancy, access control, flash loans) ### Integration with Other Skills - Use **vuln-patterns** skill for exploitation techniques per vulnerability type - Use **data-flow-tracing** skill to trace input from sources to identified sinks - Use **exploit-techniques** skill to develop PoC for confirmed vulnerabilities