PHP

v1.0.1

Write solid PHP avoiding type juggling traps, array quirks, and common security pitfalls.

⭐ 4· 1.6k·8 current·8 all-time

byIván@ivangdavila

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (PHP best-practices and security traps) match the provided files and the single required binary (php). There are no environment variables, unrelated binaries, or unexpected config paths requested.

✓

Instruction Scope

The SKILL.md and supporting .md files contain static guidance (coding rules and safe patterns). They do not instruct the agent to read user files, access external endpoints, or collect credentials. No vague 'gather whatever context you need' directives are present.

✓

Install Mechanism

No install specification or downloads are present (instruction-only). Nothing will be written to disk or fetched during install by the skill itself.

✓

Credentials

No credentials or sensitive environment variables are requested. The requirements are limited to the php binary, which is appropriate for a PHP guidance skill.

✓

Persistence & Privilege

The skill is not marked always:true and does not request elevated or persistent system privileges. It can be invoked autonomously by the agent (platform default), which is expected for a skill, but this is not combined with other concerning capabilities.

Assessment

This skill is a set of PHP best-practice notes and is internally consistent with its description. It doesn't request credentials or install code, so risk from the skill itself is low. Before installing, ensure you trust the source (no homepage/source provided) and that your agent's php runtime is the one you expect (to avoid surprising behavior if php is compromised). If you prefer tighter control, keep autonomous invocation off for this skill or only invoke it manually.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐘 Clawdis

OSLinux · macOS · Windows

Binsphp

latestvk97entyr7cgt5d0vghvbkbvayx8151rd

1.6kdownloads

4stars

2versions

Updated 1mo ago

v1.0.1

MIT-0

Linux, macOS, Windows

Quick Reference

Topic	File
Loose typing, ==, ===, type juggling, strict_types	`types.md`
Associative arrays, iteration, array functions	`arrays.md`
Traits, interfaces, visibility, late static binding	`oop.md`
Encoding, interpolation, heredoc, regex	`strings.md`
Exceptions, error handling, @ operator	`errors.md`
SQL injection, XSS, CSRF, input validation	`security.md`
PHP 8+ features, attributes, named args, match	`modern.md`

Critical Rules

== coerces types: "0" == false is true — always use === for strict comparison
in_array($val, $arr) uses loose comparison — pass true as third param for strict
strpos() returns 0 for match at start — use === false not !strpos()
Never concatenate SQL — use prepared statements with PDO
htmlspecialchars($s, ENT_QUOTES) all output — prevents XSS
isset() returns false for null — use array_key_exists() to check key exists
foreach ($arr as &$val) — unset $val after loop or last ref persists
static:: late binding vs self:: early binding — static respects overrides
@ suppresses errors — avoid, makes debugging impossible
Catch Throwable for both Error and Exception — PHP 7+
declare(strict_types=1) per file — enables strict type checking
strlen() counts bytes — use mb_strlen() for UTF-8 character count
Objects pass by reference-like handle — clone explicitly with clone $obj
array_merge() reindexes numeric keys — use + operator to preserve keys

Comments

Loading comments...