Agent skill
security/review
Security Code Review security skill
Stars
163
Forks
31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/securityreview
SKILL.md
Security Code Review
Systematic checklist for reviewing C code for security vulnerabilities.
Review Checklist
Memory:
- All array accesses bounds-checked
- Integer overflow checked before allocation/indexing
- No use-after-free potential
- Strings null-terminated after operations
Input:
- All external input validated at trust boundary
- Path inputs canonicalized and checked
- No user data in format strings
- Lengths validated before use
Functions:
- No banned functions (strcpy, sprintf, gets, etc.)
- Buffer sizes passed to all string operations
- Return values checked
Secrets:
- No credentials in logs or error messages
- Config file permissions verified
- Secrets scrubbed from memory when done
Files:
- No TOCTOU races (access then open)
- Symlinks handled safely (O_NOFOLLOW)
- Temp files use mkstemp
Grep for red flags:
bash
grep -rn 'strcpy\|sprintf\|gets\|strcat\|mktemp' src/
grep -rn 'printf.*%s.*user\|system(\|popen(' src/
Didn't find tool you were looking for?