Validate external inputs to prevent errors, failures, and security issues.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "Validating Inputs" skill from askskill: 1. Download https://raw.githubusercontent.com/obra/clank/main/skills/coding/validating-inputs/SKILL.md 2. Save it as ~/.claude/skills/validating-inputs/SKILL.md 3. Reload skills and tell me it's ready
Design a complete input validation plan for a user registration API. Cover email, password, username, and phone number format checks, length limits, required rules, error messages, and server-side fallback validation, and provide sample code.
A structured set of validation rules, error-handling guidance, and implementable sample code.
I have a CSV import workflow. List the input checks needed, including nulls, field types, date formats, duplicate records, invalid characters, and out-of-range values, then output a validation checklist and handling strategy.
A validation checklist for data import scenarios with corresponding exception-handling and blocking strategies.
Review the possible input risks in a web form, focusing on SQL injection, script injection, path traversal, and unsafe file uploads, and provide validation and sanitization recommendations.
A checklist of input security risks with targeted validation, sanitization, and protection recommendations.
Professional-grade software never outputs garbage regardless of what it receives. "Garbage in, garbage out" is the mark of sloppy, insecure code.
Core principle: Check all data from external sources. Validate all routine parameters from untrusted sources. Decide consciously how to handle invalid data.
Modern standard: "Garbage in, nothing out" OR "Garbage in, error message out" OR "No garbage allowed in"
Violating the letter of this rule is violating the spirit of defensive programming.
Always use when writing functions that receive:
Warning signs you need this:
Don't skip when:
Use for: Conditions that indicate bugs in YOUR code
def calculate_velocity(distance: float, time: float) -> float:
# Preconditions: These should NEVER be violated if caller is correct
assert distance >= 0, "distance cannot be negative"
assert time > 0, "time must be positive"
result = distance / time
# Postcondition: Result should be reasonable
assert result >= 0, f"velocity cannot be negative: {result}"
return result
Assertions are:
Use for: Conditions you expect might occur in production
def calculate_average_score(scores: list[float]) -> float:
"""Calculate average of test scores (must be 0-100)."""
# Error handling: Validate external data
if scores is None:
raise ValueError("scores cannot be None")
if not scores:
raise ValueError("Cannot calculate average of empty score list")
# Validate each score
for i, score in enumerate(scores):
if not isinstance(score, (int, float)):
raise TypeError(f"Score {i} is not a number: {score}")
if score < 0 or score > 100:
raise ValueError(f"Score {i} out of range [0-100]: {score}")
result = sum(scores) / len(scores)
# Postcondition: Verify result is valid
assert 0 <= result <= 100, f"Calculated average out of range: {result}"
return result
Error handling:
| Situation | Approach | Example |
|---|---|---|
| External data | Validate everything | Check ranges, types, formats, lengths |
| Routine parameters | Check if from untrusted source | Validate or document assumptions |
| Internal invariants | Assert they hold | Assert postconditions, state assumptions |
| Null/None | Check explicitly | if value is None: raise ValueError() |
| Empty collections | Decide if valid or error | Empty list error or return default? |
| Type mismatches | Check with isinstance | if not isinstance(score, (int, float)) |
| Range violations | Check bounds | if score < 0 or score > 100 |
…
Name code by domain meaning to improve clarity and team alignment.
Write evergreen comments focused on what and why, not historical context.
Compare 2-3 approaches before execution to choose a stronger solution.
Plan with pseudocode first, refine approaches, then translate into working code.
Search past Claude Code chats to recover facts, decisions, and context.
Choose clear, accurate variable names that improve code readability and maintenance.
Design layered validation across data flows to prevent bugs and security issues.
Review security risks for auth, inputs, secrets, APIs, and sensitive features.
Validate shell commands before execution to avoid invalid or failing runs.
Validate documents against international standards before an agent takes action.
Automatically profile data, infer validation rules, and generate health scores.
Validate code changes before commit and check React contribution requirements.