Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Zeroize Audit

Plugin Aktiv
Teil von:Trailofbits

Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis

1 Skill 0 MCPs
Zweck

To provide developers and security auditors with a robust tool for identifying and verifying vulnerabilities related to the improper handling and zeroization of sensitive data in code.

Funktionen

  • Detects missing zeroization in source code
  • Identifies zeroization removed by compiler optimizations
  • Performs assembly-level analysis for stack/register security
  • Generates proof-of-concept exploits for verified findings
  • Analyzes C, C++, and Rust codebases

Anwendungsfälle

  • Auditing cryptographic implementations for secure data handling
  • Reviewing authentication systems for secrets management flaws
  • Verifying secure cleanup procedures in security-critical code
  • Investigating memory safety issues concerning sensitive data

Nicht-Ziele

  • General code review or performance optimization outside of security
  • Refactoring code unrelated to sensitive data handling
  • Replacing a full static analysis suite for non-security-related bugs

Trust

  • warning:Issues Attention13 issues opened and 4 closed in the last 90 days suggests slow maintainer response to open issues (closure rate < 10%).

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install zeroize-audit@trailofbits

Enthält 1 Erweiterungen

Skill (1)

Zeroize Audit Skill

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

95

Qualitätspunktzahl

93 /100
Analysiert about 21 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Arm Cortex Microcontrollers

100

ARM Cortex-M firmware development for Teensy, STM32, nRF52, and SAMD with peripheral drivers and memory safety patterns

Plugin
wshobson

C4 Architecture

99

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

Plugin
wshobson

Dimensional Analysis

99

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

Plugin
trailofbits

Ruflo Knowledge Graph

99

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

Plugin
ruvnet

Ruflo Ruvector

98

Self-learning vector database via npx ruvector@0.2.25 — HNSW, adaptive LoRA embeddings, code-graph clustering, hooks routing, brain/SONA, 103 MCP tools

Plugin
ruvnet

Everything Claude Code

97

Battle-tested Claude Code plugin for engineering teams — 60 agents, 228 skills, 75 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use

Plugin
affaan-m