Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkills / General / general-misc

Command Injection Rce

Category: General  ·  Sub-category: general-misc  ·  Last updated:
type:audit
Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.

About this skill (catalog notes)

Command Injection Rce includes pricing or quota commentary. The SKILL.md runs to about 769 words, in the catalog's typical mid-range.

Source
www.vigolium.com
Original author
vigolium
Indexed lastmod
Catalog position
General · general-misc
Indexed related skills
10

How Command Injection Rce fits the catalog

Command Injection Rce sits in the General category under the general-misc sub-topic in the ClaudSkills catalog. There are 10 related skills indexed alongside it; comparing a few before installing usually reveals which fits your workflow best.

These notes are auto-generated from features detected in the SKILL.md file and from this catalog's structure — they aren't part of the source repository.

From the source SKILL.md

You have a parameter that smells like it lands in a shell or process exec call. Your job is to prove arbitrary command execution by getting an OAST callback from the server, then demonstrate one minimal follow-on action (a file read, an env dump). Reporting "the response changed when I sent ;" is not enough.

What this skill does

Command Injection Rce is a community-contributed Claude Code skill in the general-misc sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/command-injection-rce/ and loads when your prompt matches the skill's trigger.

When to invoke it: Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.

Who uses this skill

The Command Injection Rce Claude Code skill is built for Claude Code users and developers across all disciplines looking for general-purpose AI assistance. It's part of ClaudSkills (also referred to as Claude Skills or Claude Code Skills) — the open community-curated registry of 116,000+ SKILL.md files for Anthropic's Claude Code agent and the wider Claude ecosystem (Claude API, Claude Agent SDK).

How to install

Free

Manual install (2 steps)

mkdir -p ~/.claude/skills/command-injection-rce
curl -L https://claudskills.com/skills/command-injection-rce/SKILL.md \
  -o ~/.claude/skills/command-injection-rce/SKILL.md

Or just download SKILL.md directly and drop it into ~/.claude/skills/command-injection-rce/. Claude Code auto-discovers it on next session.

Skills live at ~/.claude/skills/command-injection-rce/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\command-injection-rce\SKILL.md on Windows. See the full install guide for step-by-step instructions.

Telegram

📱 Install from your phone or desktop Telegram

Open @claudskills_bot on Telegram, tap Open Desktop App, and the desktop app installs this skill for you. Or share the bot link with a colleague — they get the same one-tap install. Learn more →

Pro

One-click install via the desktop app

The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.

Pro

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

See pricing → Download desktop app

Frequently asked questions

How do I install the Command Injection Rce Claude Code skill?
Install via the ClaudSkills desktop app (one click) or copy SKILL.md from the source repository to ~/.claude/skills/command-injection-rce/SKILL.md and restart Claude Code. Both flows are detailed at claudskills.com/install/.
What does the Command Injection Rce skill do?
Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.
Is this skill free to install?
Yes. ClaudSkills is an open registry — every skill keeps its source repository's license, and manual install via copy is free. ClaudSkills Pro ($9/mo, $79/yr, or $149 one-time) adds one-click install via the desktop app and a multi-signal Quality Score.
When should I use the Command Injection Rce skill?
Use Command Injection Rce when your Claude Code task falls under the General category — specifically in the general misc area. Claude Code auto-discovers installed skills and invokes the right one based on the task description, so you can also ask Claude directly (e.g. "use Command Injection Rce" or describe the task and let Claude pick). Browse related skills at /category/general/.
What is a Claude Code skill and how does the Command Injection Rce skill fit in?
A Claude Code skill is a SKILL.md file that lives under ~/.claude/skills/<name>/ and tells the Claude Code CLI agent how to perform a specific task (instructions, prompts, allowed tools). Skills are auto-discovered at session start. Command Injection Rce is one of 67,000+ skills indexed in the open ClaudSkills catalog, classified under the General category. Learn more at /learn/what-is-a-claude-skill/.

Attribution & license

Cite this skill

If you reference this skill in a blog post, paper, or documentation, you can cite it as:

APA
vigolium. (2026). Command Injection Rce [Claude Code skill]. ClaudSkills. https://claudskills.com/skills/command-injection-rce/
BibTeX
@misc{command-injection-rce-2026,
  author    = {vigolium},
  title     = {Command Injection Rce [Claude Code skill]},
  year      = {2026},
  publisher = {ClaudSkills},
  url       = {https://claudskills.com/skills/command-injection-rce/}
}

Embed this skill

Promote, attribute, or link this skill from your own README, blog post, or documentation. All three snippets are free to use — no sign-up, no API key. More distribution surfaces →

Badge
[![ClaudSkills](https://claudskills.com/badge/command-injection-rce.svg)](https://claudskills.com/skills/command-injection-rce/?utm_source=badge&utm_medium=readme&utm_campaign=skill_badge)
<script>
<script src="https://claudskills.com/embed/command-injection-rce.js" async></script>
<iframe>
<iframe src="https://claudskills.com/embed/command-injection-rce.html" width="100%" height="160" frameborder="0" loading="lazy" title="ClaudSkills: Command Injection Rce"></iframe>

Free. No spam. Unsubscribe in one click.

More General skills

Browse all General skills in the ClaudSkills registry, or explore these other picks from the same category:

Browse all General skills → Top 100 skills
Part of ClaudSkills — the open registry for Claude Skills & Claude Code Skills.  ·  What's New  ·  Install guide  ·  About  ·  llms.txt

Part of Acreator Store — Adam Lankamer's AI tools: PerfectStudio · Ucaption · UTagger · AutoXPoster · TestYourSkills · AutomationFlows · Au Naturel · Telegram @acreatorstore

Categories

Use cases

Popular tags

Learn

Site