# Agent skill: vulnerability-analysis

Identify vulnerability class, analyze root cause, and plan exploitation strategy.

Install this agent skill in your project:

```
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/vulnerability-analysis-amattas-agentic-coding-7b9c2a11
```

The skill's SKILL.md follows.
## Vulnerability Analysis

Systematic identification and analysis of vulnerabilities in binary targets.

### Vulnerability Classes
| Class | Signals | Typical Cause |
|---|---|---|
| Stack BOF | No bounds check on input | gets(), strcpy(), sprintf() |
| Format String | User input as format arg | printf(buf) instead of printf("%s", buf) |
| Heap Corruption | Dynamic allocation + free | UAF, double-free, heap overflow |
| Integer Overflow | Arithmetic on user input | Size calculations, array indexing |
| Race Condition | Multi-threaded or file ops | TOCTOU, signal handlers |
| Logic Bug | Unexpected program state | Auth bypass, incorrect checks |
### Analysis Process

- Trace user input: where does it enter, and where does it go?
- Find sinks: the dangerous functions that consume that input.
- Check bounds: are there size limits, and are they enforced?
- Check protections: which mitigations affect exploitation?
### Dangerous Function Patterns

```c
// Stack BOF
gets(buf);                // No bounds
strcpy(dst, src);         // No bounds
sprintf(buf, fmt, ...);   // No bounds
scanf("%s", buf);         // No bounds

// Format String
printf(user_input);       // User controls format

// Command Injection
system(user_input);       // Direct command exec
popen(user_input, "r");   // Command exec
```
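The "find sinks" step of the analysis process can be partly automated over source. The following is an added example and not part of the skill: a small scanner that flags the sink functions named in the tables on this page and classifies each hit with the page's own classes; the `scan_source` function, its rules and the constructed `SAMPLE` input are assumptions of the example.

```python
import re

# Sink -> (class, rule), from the tables on this page. "any" flags every call;
# "nonliteral" only when the first argument is not a string literal
# (printf(buf) yes, printf("%s", buf) no); "unbounded" only a bare %s format.
SINKS = {
    "gets":    ("Stack BOF", "any"),
    "strcpy":  ("Stack BOF", "any"),
    "sprintf": ("Stack BOF", "any"),
    "scanf":   ("Stack BOF", "unbounded"),
    "printf":  ("Format String", "nonliteral"),
    "system":  ("Command Injection", "nonliteral"),
    "popen":   ("Command Injection", "nonliteral"),
}

# \b keeps fgets, snprintf and vsprintf from matching the shorter names.
CALL_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(\s*([^,)]*)")

def scan_source(src: str):
    """Return (line_no, function, vuln_class) per suspicious call; each is a
    lead for the manual bounds check (step 3), not a confirmed bug."""
    findings = []
    for line_no, line in enumerate(src.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop trailing // comments
        for m in CALL_RE.finditer(code):
            func, first_arg = m.group(1), m.group(2).strip()
            vclass, rule = SINKS[func]
            if rule == "nonliteral" and first_arg.startswith('"'):
                continue  # constant format string or command
            if rule == "unbounded" and "%s" not in first_arg:
                continue  # e.g. scanf("%63s", ...) carries a width limit
            findings.append((line_no, func, vclass))
    return findings

# Constructed sample input for the example; not code from the page.
SAMPLE = """\
void greet(char *name) {
    char buf[64];
    gets(buf);                 // Stack BOF
    strncpy(buf, name, 63);    // bounded, not flagged
    printf(buf);               // Format String
    printf("%s\\n", buf);      // constant format, not flagged
    scanf("%63s", buf);        // width limit, not flagged
    scanf("%s", buf);          // Stack BOF
    system("ls");              // constant command, not flagged
    system(buf);               // Command Injection
}
"""
```

Running `scan_source(SAMPLE)` reports lines 3, 5, 8 and 10; the remaining calls are either bounded or use a constant first argument.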
### Mitigation Bypass Planning
| Have | Need | Strategy |
|---|---|---|
| BOF + NX | Code exec | ROP chain, ret2libc |
| BOF + Canary | Bypass | Leak canary first |
| BOF + PIE | Fixed addr | Leak code address |
| Format + No write | Write primitive | Use %n specifier |
| Heap + no leak | Info leak | Heap feng shui |
### Output

Produce `context/vulnerability-analysis.md` using the template.