← Back to Skills

Bash Defensive Patterns

🌐Community
by wshobson · vlatest · Repository

Automatically applies secure bash scripting patterns to prevent common vulnerabilities like command injection.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add bash-defensive-patterns npx -- -y @trustedskills/bash-defensive-patterns
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "bash-defensive-patterns": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/bash-defensive-patterns"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The bash-defensive-patterns skill provides a set of best practices and defensive coding techniques for writing robust, secure, and maintainable Bash scripts. It includes strategies to prevent common pitfalls like command injection, improper error handling, and insecure input processing.

When to use it

  • Writing Bash scripts that interact with user inputs or external data sources.
  • Developing scripts that require high security and reliability in production environments.
  • Ensuring scripts are resilient against unexpected failures or malicious attacks.
  • Improving the maintainability of long-term Bash projects by following consistent coding standards.

Key capabilities

  • Input validation and sanitization techniques
  • Safe use of command substitution and variable expansion
  • Error handling with traps and exit codes
  • Secure execution of external commands using "$@" and quoting strategies
  • Prevention of shell injection vulnerabilities

Example prompts

  • "How can I safely handle user input in a Bash script to prevent command injection?"
  • "What are the best practices for error handling in Bash scripts?"
  • "Can you show me how to use defensive patterns when executing external commands in Bash?"

Tips & gotchas

  • Always quote variables and use "$@" instead of $* to avoid unintended word splitting.
  • Test scripts with edge cases, such as inputs containing spaces or special characters, to ensure robustness.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
wshobson
Installs
2.7k
Repository (canonical source) →

🌐 Community

Passed automated security scans.