Official Verified

sql-injection-scanner

Detect SQL injection vulnerabilities in your codebase. Use when you need to find unsafe database queries before they get exploited.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/lxgicstudios/sql-injection-scanner

Download Source Code (.zip)

SQL Injection Scanner

SQL injection has been around for decades and it's still in the OWASP Top 10. This tool scans your backend code for unsafe query construction, string concatenation in SQL, and missing parameterized queries. It finds the vulnerabilities and shows you how to fix them.

One command. Zero config. Just works.

Quick Start

npx ai-sql-check src/

What It Does

Scans your codebase for SQL injection vulnerability patterns
Detects string concatenation in SQL queries
Finds missing parameterized query usage
Identifies unsafe ORM patterns and raw query calls
Generates fix suggestions showing proper parameterized versions

Usage Examples

# Scan your entire backend
npx ai-sql-check src/

# Check a specific API route
npx ai-sql-check src/routes/users.ts

# Scan all database related files
npx ai-sql-check "src/**/*.{ts,js}"

Best Practices

Always use parameterized queries - String concatenation in SQL is never safe, even if you think the input is trusted
Check ORM raw query calls - ORMs are generally safe, but raw query methods bypass protections
Scan before every release - New code means new potential injection points
Don't trust input validation alone - Parameterization is the real defense. Validation is just a bonus.

When to Use This

Before a security audit or penetration test
After adding new database queries to your backend
When onboarding a legacy codebase with unknown security posture
As part of your CI security pipeline

Part of the LXGIC Dev Toolkit

This is one of 110+ free developer tools built by LXGIC Studios. No paywalls, no sign-ups, no API keys on free tiers. Just tools that work.

Find more:

GitHub: https://github.com/LXGIC-Studios
Twitter: https://x.com/lxgicstudios
Substack: https://lxgicstudios.substack.com
Website: https://lxgic.dev

Requirements

No install needed. Just run with npx. Node.js 18+ recommended.

npx ai-sql-check --help

How It Works

The tool scans your source files for SQL query patterns and analyzes how user input flows into database calls. It uses pattern matching and AI analysis to detect string concatenation, template literals in queries, and unsafe ORM usage. Each finding includes severity, the vulnerable code, and a parameterized query fix.

License

MIT. Free forever. Use it however you want.

Read Full Documentation on GitHub

Metadata

Author@lxgicstudios

Stars1601

Updated2026-02-27

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-lxgicstudios-sql-injection-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

script-gen

Generate package.json scripts with AI. Use when setting up npm scripts.

lxgicstudios 1601

email-template-gen

Generate responsive email templates. Use when building transactional emails.

lxgicstudios 1601

branch-namer

Generate descriptive git branch names from plain English. Use when you need a branch name that follows conventions.

lxgicstudios 1601

cloudflare-gen

Generate Cloudflare Workers configuration and code. Use when building on the edge.

lxgicstudios 1601

adr-writer

Generate Architecture Decision Records with AI. Use when documenting technical decisions.

lxgicstudios 1601