Agent skill

detecting-signed-unsigned-conversion

Detects unsafe signed/unsigned integer conversions that can lead to integer overflow and security check bypasses. Use when analyzing integer operations, comparisons, or investigating conversion-related vulnerabilities.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/detecting-signed-unsigned-conversion-waiwai24-binaryx-agent

SKILL.md

Signed/Unsigned Conversion Detection

Detection Workflow

  1. Identify conversions: Find all signed/unsigned conversions, locate implicit conversions, identify comparison operations, map arithmetic operations
  2. Analyze conversion safety: Check for negative values, assess overflow potential, verify conversion correctness, review comparison logic
  3. Trace value flow: Follow values through conversions, identify impact on operations, assess security implications, verify value constraints
  4. Assess exploitability: Can attacker trigger negative value? Can conversion bypass security checks? What's the potential impact? Is it exploitable?

Key Patterns

  • Comparison errors: comparing signed with unsigned values, negative values treated as large positive, bypassed bounds checks, incorrect loop conditions
  • Arithmetic errors: signed to unsigned conversion in arithmetic, integer overflow after conversion, underflow after conversion, unexpected results
  • Function parameter issues: passing signed to unsigned parameters, implicit conversions in function calls, missing explicit casting, type mismatch in APIs
  • Size calculation issues: signed values used for sizes, negative sizes after conversion, overflow in size calculations, incorrect buffer allocations

Output Format

Report with: id, type, subtype, severity, confidence, location, vulnerability, comparison_operation, signed_variable, unsigned_variable, issue, exploitable, attack_scenario, impact, mitigation.

Severity Guidelines

  • HIGH: Conversion bypassing security checks
  • MEDIUM: Conversion causing logic errors
  • LOW: Minor conversion issues

See Also

  • patterns.md - Detailed detection patterns and exploitation scenarios
  • examples.md - Example analysis cases and code samples
  • references.md - CWE references and mitigation strategies

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results